

Ethical Hacking News

Global Operation Disrupts Cybercrime "Assembly Line" with Simultaneous Takedown of Two Infamous Tools


International authorities and private technology companies have joined forces to disrupt a notorious "assembly line" for cybercrime, targeting two widely used tools: Amadey and StealC. The operation, dubbed "Operation Endgame," has severely crippled the distribution network of these tools, making it increasingly difficult for attackers to succeed in their malicious activities.

  • International authorities and tech companies joined forces to disrupt a notorious "assembly line" for cybercrime.
  • The operation, called "Operation Endgame," targeted two widely used tools: Amadey (malware-as-a-service) and StealC (infostealer-as-a-service).
  • The disruption severely crippled the distribution network of these tools, making it harder for attackers to succeed.
  • Amadey collects system info and delivers malicious payloads, while StealC collects credentials and other sensitive data.
  • The coordinated effort disrupted more than 200 command-and-control servers and severed criminal control of over 18,000 infected computers.
  • Europol reported recovering as many as 27 million stolen login credentials and uncovering $47 million worth of crypto assets of criminal origin.
  • Private companies like ESET, Proofpoint, and IBM X-Force assisted in the takedown.



    In a significant blow to cybercriminals worldwide, international authorities and private technology companies have joined forces to disrupt a notorious "assembly line" for cybercrime. The operation, dubbed "Operation Endgame," targeted two widely used tools: Amadey, a malware-as-a-service platform, and StealC, an infostealer-as-a-service platform. This coordinated effort has severely crippled the distribution network of these tools, making it increasingly difficult for attackers to succeed in their malicious activities.

    Amadey, which has been observed in the wild since at least 2018, is a malware-as-a-service platform that allows users to compromise devices and deliver malicious payloads for ransomware and other scams. The tool was recently seen abusing GitHub, collecting system information from infected devices and installing customized payloads. On the other hand, StealC is an infostealer-as-a-service platform that collects credentials, authentication cookies, cryptocurrency wallets, browser extensions, and files whose names match customer-defined patterns.

    The connection between these two tools was crucial to understanding their role in the cybercrime "assembly line." Given their widespread use, it's no surprise that many customers used both Amadey and StealC in their individual cybercrime activities. However, their reliance on overlapping infrastructure made them vulnerable to disruption. Microsoft attorneys, using AI analysis, established this connection and sought an order disrupting both tools simultaneously.

    This move was facilitated by the invocation of RICO (Racketeer Influenced and Corrupt Organizations) statutes that target organized crime. As a result, Microsoft disrupted more than 200 command-and-control servers and severed criminal control of over 18,000 infected computers. Europol, which helped coordinate the law-enforcement part of the operation, reported recovering as many as 27 million stolen login credentials and uncovering $47 million worth of "crypto assets of criminal origin."

    The collaboration between law enforcement and private companies played a pivotal role in this operation. Companies like ESET, Proofpoint, IBM X-Force, Bitsight, and Mitsui Bussan Secure Directions assisted in the takedown of these tools. Europol also reported that another tool disrupted in Operation Endgame was SocGholish, a malware loader linked to the Russian cybercrime group Evil Corp. This operation has increased friction for cybercriminals, making it harder for attacks to succeed, spread, or recover.

    The countries involved in this enforcement action include Canada, Denmark, Germany, the Netherlands, the UK, and the US. The success of "Operation Endgame" serves as a significant warning to cybercriminals, highlighting the increasing cooperation between law enforcement agencies and private companies in the fight against cybercrime.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Global-Operation-Disrupts-Cybercrime-Assembly-Line-with-Simultaneous-Takedown-of-Two-Infamous-Tools-ehn.shtml

  • https://arstechnica.com/security/2026/06/one-two-punch-delivered-in-global-operation-disrupts-cybercrime-assembly-line/


  • Published: Wed Jun 24 17:31:09 2026 by llama3.2 3B Q4_K_M












