惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
L
Lohrmann on Cybersecurity
aimingoo的专栏
aimingoo的专栏
V
V2EX
S
Security Affairs
T
Threatpost
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
J
Java Code Geeks
The Register - Security
The Register - Security
U
Unit 42
C
CERT Recently Published Vulnerability Notes
月光博客
月光博客
A
About on SuperTechFans
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
Project Zero
Project Zero
S
Schneier on Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
DataBreaches.Net
博客园 - 司徒正美
V
Vulnerabilities – Threatpost
T
Tor Project blog
Security Latest
Security Latest
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
Scott Helme
Scott Helme
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
小众软件
小众软件
L
LangChain Blog
Attack and Defense Labs
Attack and Defense Labs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
P
Palo Alto Networks Blog
A
Arctic Wolf
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 叶小钗
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
MongoDB | Blog
MongoDB | Blog
Webroot Blog
Webroot Blog
H
Hacker News: Front Page
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
Engineering at Meta
Engineering at Meta

www.infosecurity-magazine.com

Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies STX RAT Targets Finance Sector With Advanced Stealth Tactics Bitcoin Depot Reports $3.6m Crypto Theft After System Breach Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs Google Warns of New Threat Group Targeting BPOs and Helpdesks Google API Keys Quietly Gain Access to Gemini on Android Devices Critical Vulnerability in Ninja Forms Exposes WordPress Sites Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs New 'Storm' Infostealer Remotely Decrypts Stolen Credentials NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts Apple Expands iOS 18 Security Updates Amid DarkSword Threat Researchers Observe Sub-One-Hour Ransomware Attacks GitHub Used as Covert Channel in Multi-Stage Malware Campaign Most CNI Firms Face Up to £5m in Downtime from OT Attacks Google Introduces Android Dev Verification Amid Openness Debate New Venom Stealer MaaS Platform Automates Continuous Data Theft Chinese Hackers Target European Governments in Espionage Campaigns Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year Hackers Hijack Axios npm Package to Spread RATs Maryland Man Charged Over $53m Uranium Finance Crypto Hack Phantom Project Bundles Infostealer, Crypter and RAT For Sale ChatGPT Security Issue Enabled Data Theft via Single Prompt TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets Employee Data Breaches Surge to Seven-Year High NCSC Urges Immediate Patching of F5 BIG-IP Bug Cybercriminals Exploit Tax Season With New Phishing Tactics Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection Critical Citrix NetScaler Vulnerability Exploited in the Wild ICO Fines UK Nuisance Call Scammers £100,000 European Commission Confirms Cloud Data Breach New Wave of AiTM Phishing Targets TikTok for Business TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns Iran-Linked Pay2Key Ransomware Group Re-Emerges Invoice Fraud Costs UK Construction Sector Millions, NCA Warns Cloud Phones Linked to Rising Financial Fraud Threat Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne US: FCC Bans Foreign-Made Routers Over National Security Concerns TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise Experts Sound Alarm Over “Prompt Poaching” Browser Extensions Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security Russian Initial Access Broker Handed 81-Month Sentence Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems Tycoon2FA Phishing Service Resumes Activity Post-Takedown High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports Trivy Supply Chain Attack Expands With New Compromised Docker Images CISA Orders US Government to Patch Maximum Severity Cisco Flaw Operation Alice Takes Down 370,000+ Dark Web Sites Hackers Exploit Critical Langflow Bug in Just 20 Hours NCA Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation Financial Brands Targeted in Global Mobile Banking Malware Surge FCA Updates Cyber Incident and Third-Party Reporting Rules AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs New Ubuntu Flaw Enables Local Attackers to Gain Root Access Crypto Scam "ShieldGuard" Dismantled After Malware Discovery AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner Android OS-Level Attack Bypasses Mobile Payment Security 'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears Aeternum Botnet Shifts Command Control to Polygon Blockchain Leading Semiconductor Supplier Advantest Hit by Ransomware Attack Remcos RAT Expands Real-Time Surveillance Capabilities SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day Phorpiex Phishing Delivers Low-Noise Global Group Ransomware BridgePay Confirms Ransomware Attack, No Card Data Compromised New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability Labyrinth Chollima Evolves into Three North Korean Hacking Groups Google Disrupts Extensive Residential Proxy Networks
Operation Endgame Takes Down StealC and Amadey Infostealers
https://www.infosecurity-magazine.com/profile/kevin-poireault/ · 2026-06-24 · via www.infosecurity-magazine.com

The infrastructure of two infamous information stealer malware strains (infostealers), StealC and Amadey, has been disrupted by an international law enforcement takedown.

The action against formed the latest part of Operation Endgame, an ongoing global police investigation to combat ransomware and cybercrime worldwide.

It specifically involved Germany’s Federal Criminal Police Office and was coordinated by Europol, which provided intelligence and technical analysis support via its European Cybercrime Centre (EC3) and had strategic oversight through the Joint Cybercrime Action Taskforce (J-CAT), with additional legal support by Eurojust.

It also involved several industry partners, including BitSight, ESET, IBM X-Force, Lumen, Microsoft, Mitsui Bussan Secure Directions and Proofpoint.  

Takedown banner when a user tries to access to domains linked to StealC and Amadey infostealers. Source: Microsoft
Takedown banner when a user tries to access to domains linked to StealC and Amadey infostealers. Source: Microsoft

This new episode comes just a few days after the Dutch police announced the takedown of the SocGholish botnet – also as part of Operation Endgame – which was widely used by ransomware groups such as Evil Corp.

Amadey and StealC Explained

Operation Endgame seized around 50 domains and nearly 200 active IP-based command-and-control (C2) servers associated with Amadey and StealC.

Both are infostealers with a dropper function that have been widely used by cybercriminals.

StealC was primarily designed to extract sensitive information such as passwords, stored access data and digital identities from compromised computers and to make them available for subsequent illicit use, especially data trading and fraudulent use.

While Amadey had similar features, it primarily served as the first link in a larger attack chain. It was equipped with the capability of introducing additional malware into compromised systems.

“Together, they form a critical link in the cybercrime supply chain,” noted Europol.

How Amadey and StealC are typically used together. Source: Microsoft
How Amadey and StealC are typically used together. Source: Microsoft

According to insight collected by Microsoft, in the first two weeks of May 2026 Amadey and StealC were linked to over 140 000 infected computers worldwide.

Breaking the Infostealer Supply Chain With AI

In a blog explaining the takedown, Microsoft said it disrupted the Amadey and StealC infostealers by executing a simultaneous, court-authorized takedown.

During this operation, the tech giant’s Digital Crimes Unit (DCU) disrupted more than 200 command-and-control (C2) servers. The team also identified over 18,000 victim computers, severed criminal control of those devices and began working with telecommunications providers to help protect affected customers globally.

To achieve this, Microsoft utilized AI, including Copilot, to analyze the malware. Instead of manually combing through complex code, investigators asked questions in plain English.

According to the blog, this approach helped "surface key details, uncover hidden data, and test findings in a fraction of the time".

The AI turned tasks that normally took hours or days into minutes, enabling investigators to quickly realize that although Amadey and StealC were developed by separate cybercriminals, they relied on the same infrastructure.

These AI-driven insights ultimately "allowed the legal team to treat both malware families as part of a single conspiracy".

For this takedown, Microsoft explained that it focused on "targeting the cyber-attack supply chain, not just individual services."

Historically, Microsoft has used civil legal actions and the US Racketeer Influenced and Corrupt Organizations Act (RICO) to target organized crime, but this action was unique because they combined "AI analysis with an expanded use of that law."

Instead of tackling each malware tool separately, they used RICO to "charge multiple complicit enablers involved across the operation" under one single conspiracy.

Steven Masada, assistant general counsel at Microsoft's DCU, explained, "When multiple parts of an operation are disrupted together, attacks are harder to launch, scale and recover from".

He further noted that "it's no longer enough to go after threats one by one" and concluded that defenders "need to interrupt how the attacks are put together".

In separate blogs, ESET, BitSight and Mitsui Bussan Secure Directions said they contributed to this effort by providing technical analyses, statistical information, known C2 servers, encryption keys, campaign, build identifiers and other threat intelligence information.

Proofpoint and IBM X-Force threat researchers also developed a StealC emulator to identify and track operations, infrastructure and payloads.

€41m of Criminal Crypto Assets Frozen

In a public statement on June 24, Europol said the main goal of the takedown of SocGholish, StealC and Amadey was “to disrupt the ‘assembly lines’ cybercriminals use to launch ransomware, financial fraud and attacks on critical infrastructure.”

The Hague-based European law enforcement agency said beyond the takedowns, this new chapter of Operation Endgame resulted in €41m ($46.5m) of crypto assets of criminal origin identified and frozen and 27 million stolen login credentials recovered.

Officers and their private sector partners also took down 326 servers and seized 142 domains, “severely crippling the malware’s distribution network,” Europol noted.

Aside from Germany and the Netherlands, Operation Endgame has involved many other countries, such as Canada, Denmark, the UK and the US.

Additional partners of the wider operation also include the Shadowserver Foundation, Registrar of Last Resort (RoLR), Infoblox, NorthWave, Orange Cyberdefense, Bitdefender, Have I Been Pwned and Spamhaus.

Image credits: PixelBiss / Menno van der Haven / Shutterstock.com

Read now: Operation Endgame 3.0 Dismantles Three Major Malware Networks