Operation Endgame disrupts Amadey and StealC cybercrime tools, recovers 27M credentials
Tags Security · Enterprise · Infrastructure

A coordinated international operation led by Microsoft and Europol simultaneously disrupted Amadey (malware-as-a-service) and StealC (infostealer-as-a-service) — two widely used cybercrime tools that shared underlying infrastructure. Microsoft used AI to identify the overlapping infrastructure, then invoked RICO statutes to treat both as a single conspiracy. The operation took down 326 servers and 142 domains, severed control of over 18,000 infected computers, recovered 27 million stolen login credentials, and uncovered $47 million in criminal crypto assets. Partners included ESET, Proofpoint, IBM X-Force, and Bitsight.
Technical significance
Using AI to identify shared infrastructure between otherwise unrelated malware tools, then applying RICO statutes to treat the operators as a single conspiracy, represents a new playbook for cybercrime disruption. Taking down both services simultaneously denies the criminals a window in which to migrate to backup infrastructure. The scale of the credential recovery (27 million) highlights how centralized infostealer services have become, and how disrupting them can have an outsized impact on the cybercrime economy.