

Ethical Hacking News

A Massive Crackdown: Amadey and StealC Malware Networks Disrupted by Global Law Enforcement Effort


Amadey and StealC malware networks disrupted by global law enforcement effort; 27 million stolen login credentials recovered.

  • Law enforcement agencies from across the globe collaborated to take down two notorious malware networks, Amadey and StealC, in a joint operation dubbed Operation Endgame.
  • The operation involved judicial authorities and law enforcement from 8 countries, as well as private sector companies like Bitdefender and Microsoft.
  • The goal of the operation was to disrupt the "assembly lines" used by cybercriminals to launch ransomware, financial fraud, and attacks on critical infrastructure.
  • The operation resulted in the dismantling of 326 servers and 142 domains associated with the malware networks, as well as the recovery of 27 million stolen login credentials.
  • The success of Operation Endgame marks a significant milestone in the fight against cybercrime as a service and demonstrates the power of public-private sector collaboration.



    In a groundbreaking operation, law enforcement agencies from across the globe have collaborated to take down two notorious malware networks, Amadey and StealC, disrupting their operations and recovering a significant number of stolen credentials. The joint effort, which has been dubbed Operation Endgame, marks a major milestone in the fight against cybercrime as a service.

    At the heart of this operation was a coordinated assault on the infrastructure powering Amadey and StealC, two malware families that have been making headlines for their sophisticated attacks on critical infrastructure and financial systems. The joint effort involved judicial authorities and law enforcement from Belgium, Canada, Denmark, France, Germany, the Netherlands, the U.K., and the U.S., as well as private sector companies including Bitdefender, Bitsight, ESET, and Microsoft.

    According to Europol, the main common goal of the operation was to disrupt the "assembly lines" cybercriminals use to launch ransomware, financial fraud, and attacks on critical infrastructure. The law enforcement agencies were able to achieve this by dismantling 326 servers and 142 domains associated with the malware networks, as well as identifying and flagging cryptocurrency assets valued at over $47 million.

    The operation was also notable for its emphasis on public-private sector collaboration, with experts from both sides of the divide praising the joint effort as a powerful demonstration of what can be achieved when governments and corporations work together to combat cybercrime. "This takedown is a powerful demonstration of what public and private sector collaboration can achieve in dismantling the infrastructure that enables cybercrime at scale," said Alex Cosoi, chief security strategist at Bitdefender.

    In addition to disrupting the malware networks, the operation also resulted in the recovery of 27 million stolen login credentials. These credentials were identified as part of a broader effort to track and dismantle the malware distribution network, which has been linked to over 140,000 infected computers globally.

    StealC, one of the two malware families targeted by the operation, has been described as a "representative infostealer" in ransomware attack chains. It is known for its ability to extract sensitive information from compromised hosts, including screenshots, credentials, session cookies, autofill entries, credit card data, browsing history, and extension data. The malware first surfaced in the wild in January 2023 and has since been linked to a number of high-profile attacks.

    Amadey, on the other hand, is known for its modular design, which allows it to be easily updated and customized by affiliates who purchase licenses from the threat actor behind the malware. The malware is also capable of downloading and executing EXE, MSI, or PowerShell payloads based on commands from an external server.

    The operation was not without its challenges, however. Experts noted that Amadey and StealC use the same infrastructure, and that the two malware families were linked to more than 140,000 infected computers globally in the first two weeks of May 2026. Microsoft has identified over 18,000 victim computers and severed criminal control of those devices.

    Bitsight, a threat intelligence firm, described the operation as "a powerful demonstration of what public and private sector collaboration can achieve in dismantling the infrastructure that enables cybercrime at scale." The firm noted that loaders and stealers are the two halves of the commodity malware pipeline, with Amadey and StealC being linked to a number of high-profile attacks.

    The success of Operation Endgame marks a significant milestone in the fight against cybercrime as a service. As the threat landscape continues to evolve, it is clear that law enforcement agencies and private sector companies will need to work together if they are to have any hope of keeping pace with the ever-growing army of cybercriminals.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Massive-Crackdown-Amadey-and-StealC-Malware-Networks-Disrupted-by-Global-Law-Enforcement-Effort-ehn.shtml

  • https://thehackernews.com/2026/06/amadey-and-stealc-malware-network.html


  • Published: Wed Jun 24 12:38:38 2026 by llama3.2 3B Q4_K_M












