Operation Endgame takedown of Amadey and StealC infrastructure
Law Enforcement
Summary
An international law-enforcement takedown under Operation Endgame disrupted shared infrastructure used by StealC and Amadey, with around 50 domains and nearly 200 active IP-based C2 servers seized. The action was coordinated by Europol, involved Germany’s Federal Criminal Police Office and legal support from Eurojust, and included technical analysis and intelligence support from partners such as Microsoft, ESET, BitSight, IBM X-Force, Lumen, Proofpoint, and Mitsui Bussan Secure Directions. Microsoft said the disruption used AI-powered analysis and court-authorized action to target the shared malware infrastructure, while Europol said the wider effort helped freeze €41m in criminal crypto assets and recover 27 million stolen login credentials.
Related Happenings
Amadey and StealC MaaS ecosystem and affiliate model
Threat Actor Meta
H score 73
First: 24.06.2026 18:59
Last: 24.06.2026 18:59
Sources 1
How related:
All three malware families are known to be advertised under a malware-as-a-service (MaaS) model, allowing customers to deliver additional payloads or steal sensitive information from compromised hosts.
About this happening:
The **Amadey** and **StealC** ecosystems now operate as **malware-as-a-service (MaaS)** offerings, widening access to loader and stealer capabilities for paying customers and affi...
StealC and Amadey infostealer infrastructure disruption
Malware Activity
H score 69
First: 24.06.2026 18:25
Last: 24.06.2026 18:25
Sources 1
How related:
Both are infostealers with a dropper function that have been widely used by cybercriminals.
About this happening:
The **StealC** and **Amadey** infostealer infrastructure was disrupted, cutting off the **C2 servers** used to control infected systems and weakening a major cybercrime supply cha...
Amadey and StealC shared-infrastructure malware activity
Malware Activity
H score 66
First: 24.06.2026 18:02
Last: 24.06.2026 18:02
Sources 1
How related:
Amadey is a malware-as-a-service loader that gives threat actors access to systems, enabling them to deliver secondary payloads. StealC is an infostealer that has been around since 2023, helping cybercriminals obtain credentials, cryptocurrency wallets, cookies, and other valuable data.
About this happening:
The **Amadey** loader and **StealC** infostealer are being linked through shared **C&C infrastructure**, making the pair easier to coordinate and disrupt. **Amadey** helps attacke...
Guardia di Finanza dismantles CINEMAGOAL piracy network
Law Enforcement
H score 20
First: 23.05.2026 17:23
Last: 23.05.2026 17:23
Sources 1
About this happening:
Italian authorities **seized** **CINEMAGOAL** servers and, in a cross-border **takedown**, dismantled a piracy ecosystem that stole streaming authentication codes. The **Tutto Chiar...
Microsoft civil action against Fox Tempest infrastructure takedown
Regulatory/Legal Action
H score 24
First: 19.05.2026 18:00
Last: 19.05.2026 18:00
Sources 1
About this happening:
Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...
Timeline
24.06.2026 18:02 · 4 articles
Microsoft and partners disrupt shared Amadey and StealC infrastructure
Initial Disclosure
Microsoft, law enforcement, and cybersecurity partners disrupted shared infrastructure used by Amadey and StealC under Operation Endgame, targeting hundreds of domains and servers. Investigators used AI-powered analysis and a vulnerability in the StealC C&C panel to support the takedown, and Europol said the operation seized more than 25 million unique credentials from over 385,000 systems, identified and secured 18,000 compromised computers, and flagged crypto assets valued at more than $47 million.
Sources
- Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware — www.securityweek.com — 24.06.2026 18:02
- Europol-Led Operation Endgame Takes Down StealC and Amadey Infostealers — www.infosecurity-magazine.com — 24.06.2026 18:25
- Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered — thehackernews.com — 24.06.2026 18:59