Particle.news

Operation Endgame Disrupts Amadey and StealC Infrastructure

Law enforcement and private firms used AI and coordinated legal actions to sever attacker control of thousands of machines and identify millions in stolen credentials and crypto.

Overview

  • Operation Endgame, carried out on June 24, 2026, targeted the shared command-and-control networks behind Amadey and StealC and also cleaned up large parts of the SocGholish distribution system.
  • Microsoft led a court-authorized civil action that used AI analysis to link the two malware families and treat them as a single conspiracy under RICO, enabling disruption of more than 200 C2 servers.
  • Europol and partners reported that authorities actioned roughly 326 servers and 142 domains, severed criminal control of about 18,000 infected machines, recovered about 27 million stolen credentials, and identified or flagged over €41 million in criminal cryptocurrency assets.
  • Private researchers helped by exploiting a vulnerability in the StealC control panel, extracting configurations, and building emulators to map infections and payloads, while vendors contributed telemetry and blocking actions to sinkhole or seize infrastructure.
  • Officials warned that the disruption is not a cure: the takedown raises the cost and friction of cybercrime, but operators can rebuild unless arrests and sustained international monitoring follow. Victims were therefore routed to notification and remediation channels such as Have I Been Pwned and urged to change passwords and enable MFA.