One-two punch delivered in global operation disrupts cybercrime “assembly line”

by | Jul 17, 2026 | Technology

News summary produced by Claude AI

Law enforcement agencies and technology companies conducted a coordinated international operation targeting what officials described as a cybercrime infrastructure ecosystem. The effort, known as “Operation Endgame,” focused on dismantling two widely deployed malicious software platforms used in online fraud and ransomware schemes.

The operation targeted Amadey, a malware-as-a-service platform operational since at least 2018, and StealC, an infostealer tool designed to extract credentials, authentication data, cryptocurrency wallet information, and other sensitive files. While these tools operated independently, analysis using artificial intelligence revealed they shared underlying infrastructure components. This discovery proved significant, as many cybercriminals utilized both platforms in tandem—with Amadey providing initial device access and StealC enabling credential theft. The shared infrastructure allowed prosecutors to treat both operations as part of a single criminal conspiracy under organized crime statutes.

The coordinated action resulted in the disruption of over 200 command-and-control servers and severed criminal control of approximately 18,000 infected computers. Law enforcement and private sector partners acted against 326 servers and 142 domains, significantly impairing the malware distribution network. Authorities recovered approximately 27 million compromised login credentials and identified $47 million in criminal cryptocurrency assets. The operation also targeted SocGholish, a malware loader attributed to the Russian cybercrime group Evil Corp., which distributed trojans through compromised websites.

The enforcement action involved participation from multiple countries including Canada, Denmark, Germany, the Netherlands, the UK, and the US. Private technology companies contributing to the operation included Microsoft, ESET, Proofpoint, IBM X-Force, Bitsight, and Mitsui Bussan Secure Directions. Officials noted that simultaneous disruption of both tools increased operational friction for cybercriminals, making it more difficult for attacks to succeed and recover from disruptions. Europol additionally worked to notify affected parties and assisted website administrators in securing compromised systems.

Article Attribution | Read More at Article Source