Ethical Hacking News
Microsoft has used artificial intelligence to link two malware operations and disrupt their infrastructure as part of a racketeering suit, resulting in the takedown, suspension, and blocking of over 200 domains and command-and-control (C2) servers. This novel approach demonstrates the growing importance of AI-powered tools in disrupting cybercrime operations.
Microsoft linked the two operations, StealC and Amadey, by combining AI analysis with an expanded use of the Racketeer Influenced and Corrupt Organizations Act (RICO). The result was the takedown, suspension, and blocking of over 200 domains and command-and-control (C2) servers that formed the backbone of the StealC and Amadey infrastructure. Several security companies took part in the coordinated effort, including ESET, BitSight, Mitsui Bussan Secure Directions (MBSD), IBM X-Force, and Proofpoint.
StealC and Amadey are separate malware operations developed by different criminal crews, but they shared infrastructure and operated in concert. StealC is an information stealer: it collects credentials and cookies from multiple browsers, cryptocurrency wallets, chats from messaging apps, and other sensitive data, and exfiltrates them to a C2 server. It also functions as a secondary loader, allowing criminals who rent the stealer to drop additional malware on compromised devices. Amadey is a malware-as-a-service loader used to deliver StealC and other stealers, as well as other malware including remote access trojans, cryptominers, and ransomware.
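The link between the two families rested on shared infrastructure. The script below is an added illustration of how that kind of overlap is found, not code from Microsoft or from this article: it takes C2 observations (family, domain, resolved IP), joins domains that ever resolved to the same IP, and reports clusters that contain more than one family, together with the pivot IPs that tie them. The observations, domain names, and the shared-hosting allowlist are constructed for the example; no real StealC or Amadey indicators appear here. The allowlist is the caveat a practitioner needs: CDN edges, sinkholes, and large shared hosts would otherwise link unrelated actors.

```python
"""Cluster C2 domains by shared IPs to see which malware families are linked.

Added example with constructed data; not the dataset from the Microsoft case.
"""
from collections import defaultdict

# Constructed observations: (family, C2 domain, resolved IP). All hypothetical.
OBSERVATIONS = [
    ("StealC", "c2-a.example", "203.0.113.10"),
    ("StealC", "c2-b.example", "203.0.113.10"),
    ("Amadey", "load-x.example", "203.0.113.10"),  # same IP as the StealC C2s
    ("Amadey", "load-x.example", "198.51.100.7"),  # the domain rotated to a new IP
    ("Amadey", "load-y.example", "198.51.100.7"),
    ("Amadey", "load-z.example", "198.51.100.7"),
    ("StealC", "c2-c.example", "192.0.2.44"),      # no overlap with anything
    ("StealC", "c2-d.example", "192.0.2.1"),       # shared host, see allowlist
    ("Amadey", "load-w.example", "192.0.2.1"),
]

# Constructed allowlist of IPs many unrelated actors share (CDN edges, sinkholes,
# big shared hosts). Pivoting through them links everything to everything.
SHARED_HOSTING_IPS = {"192.0.2.1"}


class UnionFind:
    """Minimal disjoint-set over arbitrary hashable nodes (path halving)."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb


def link_families(observations, ignore_ips=frozenset()):
    """Return clusters of C2 domains connected through shared IPs.

    Each cluster is {"families": set, "domains": set, "pivots": set}; pivots are
    the IPs that hosted domains of more than one family. Single-family clusters
    are returned too, so the caller can see what was NOT linked.
    """
    uf = UnionFind()
    family_of = {}                   # assumption: each domain belongs to one family
    families_on_ip = defaultdict(set)
    for family, domain, ip in observations:
        family_of[domain] = family
        uf.find(domain)              # register the domain even if its IP is ignored
        if ip in ignore_ips:
            continue                 # do not pivot through shared hosting
        families_on_ip[ip].add(family)
        uf.union(domain, "ip:" + ip)  # separate namespace so IPs never collide with domains

    clusters = defaultdict(lambda: {"families": set(), "domains": set(), "pivots": set()})
    for domain, family in family_of.items():
        cluster = clusters[uf.find(domain)]
        cluster["domains"].add(domain)
        cluster["families"].add(family)
    for ip, fams in families_on_ip.items():
        if len(fams) > 1:
            clusters[uf.find("ip:" + ip)]["pivots"].add(ip)
    return sorted(clusters.values(), key=lambda c: -len(c["domains"]))


def linked_clusters(observations, ignore_ips=frozenset()):
    """Only the clusters that tie two or more families together."""
    return [c for c in link_families(observations, ignore_ips) if len(c["families"]) > 1]


if __name__ == "__main__":
    for cluster in linked_clusters(OBSERVATIONS, SHARED_HOSTING_IPS):
        print(sorted(cluster["families"]), sorted(cluster["domains"]), sorted(cluster["pivots"]))
    print("without allowlist:", len(linked_clusters(OBSERVATIONS)), "linked clusters")
```

With the allowlist applied, the sample yields one linked cluster: the two StealC C2s, the Amadey loader domain that shared their IP, and the two further Amadey domains reached transitively through that domain's second IP. Without the allowlist a second, spurious cluster appears, built only on the shared host. Real investigations pivot on more than resolved IPs (registrant data, TLS certificates, hosting accounts), but the clustering logic is the same.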
According to Steven Masada, assistant general counsel for Microsoft's Digital Crimes Unit, "It's no longer enough to go after threats one by one. We need to interrupt how the attacks are put together." The shift is from taking down individual malware families toward disrupting the shared infrastructure and relationships that tie separate threat actors together.
Microsoft's investigators used Copilot and other AI tools to analyze both malware families and their infrastructure, which, in Microsoft's words, let them "ask questions in plain English instead of manually combing through complex code." That helped them surface key details, uncover hidden data, and test findings in a fraction of the time, turning work that would have taken hours or days into minutes. Spotting the connections faster allowed the team to treat Amadey and StealC as part of a single conspiracy under RICO.
The disruption also led to the arrest of five defendants allegedly involved across both operations. Court documents state that these defendants comprise a group of cybercriminals operating a Malware as a Service enterprise that leverages malicious software commonly known as the Amadey Malware Suite and StealC Malware Suite, collectively referred to as the "MaaS Enterprise." Through this MaaS Enterprise, Defendants and their accomplices have victimized hundreds of thousands of innocent computer users, including many users of Microsoft's software and services.
Microsoft's approach in this case shows how AI-assisted analysis can be combined with civil legal action to map the relationships between separate threat actors and disrupt the infrastructure they share, rather than chasing one malware family at a time.
The case also shows these tools applied in a new way: linking two malware operations so that both could be pursued as a single enterprise. As the threat landscape evolves, more organizations are likely to adopt this approach.
Related Information:
https://www.ethicalhackingnews.com/articles/Microsofts-Novel-Approach-to-Cybercrime-Disruption-Combining-AI-Analysis-with-Expanded-Law-Enforcement-ehn.shtml
https://www.theregister.com/security/2026/06/24/microsoft-uses-ai-to-link-two-malware-operations-in-racketeering-suit/5261656
Published: Wed Jun 24 14:09:58 2026 by llama3.2 3B Q4_K_M