Global Operation Disrupts Cybercrime Tools
Originally published Jun 24, 2026
By Dan Goodin · Ars Technica
AI-generated summary based on Ars Technica · Aggregated by OffScreenSpace · Human-reviewed and approved on Jun 24, 2026
Key points
- Amadey and StealC are two widely used cybercrime tools that were simultaneously targeted in 'Operation Endgame'.
- Microsoft and Europol disrupted over 200 command-and-control servers and recovered 27 million stolen login credentials.
- The legal action treated Amadey and StealC as part of a single conspiracy using RICO statutes, based on their overlapping infrastructure.
- The operation took down 326 servers and 142 domains, crippling the malware's distribution network.
- Companies like ESET, Proofpoint, IBM X-Force, and Mitsui Bussan Secure Directions assisted in the operation.
International authorities and tech companies have disrupted a cybercrime 'assembly line' by targeting two widely used tools, Amadey and StealC. These tools were used to steal login credentials and to collect over $47 million through ransom payments and other fraudulent activities. Amadey is a malware-as-a-service platform that compromises devices and delivers malicious payloads, while StealC is an infostealer-as-a-service tool that collects sensitive information. The operation, dubbed 'Operation Endgame,' involved seizing control of over 200 command-and-control servers and recovering millions of stolen credentials. Microsoft and Europol led the effort, using AI analysis to identify the overlapping infrastructure of the tools and invoking RICO statutes to treat them as part of a single conspiracy. The collaboration between law enforcement and private companies significantly hindered the cybercriminals' operations.