Signal
Microsoft and allies disrupt shared infrastructure of Amadey and StealC malware
Published 2026-06-24 12:30 UTC
Updated 2026-06-24 15:02 UTC
rss
cve, exploits, malware, threat_actors, incident_response, security_policy
Overview
Microsoft, Europol, and international partners have jointly disrupted hundreds of command-and-control servers used by the Amadey botnet and StealC infostealer malware.
Entities
Microsoft, ESET, BitSight, Lumen, Mitsui Bussan Secure Directions, IBM, Operation Endgame, Steven Masada
- Score total: 1.52
- Momentum 24h: 4
- Posts: 4
- Origins: 4
- Source types: 1
- Duplicate ratio: 0%
Why now
- The takedown is a novel coordinated effort targeting multiple malware families at once.
- Cybercriminals increasingly use interconnected malware services, requiring joint disruption.
- Recent tracking and investigations enabled precise targeting of shared infrastructure.
Why it matters
- Simultaneous disruption of related malware infrastructure complicates cybercriminal operations.
- Infostealers like StealC pose significant risks by enabling attackers to bypass security controls.
- Operation Endgame targets cybercrime services, reducing ransomware and other malicious activity.
LLM analysis
- Topic mix: low
- Promo risk: low
- Source quality: high
Recurring claims
- Amadey is a malware delivery botnet often used to deploy infostealers like StealC.
- StealC is an infostealer that harvests credentials and session tokens, enabling attackers to bypass multifactor authentication and escalate attacks.
- The takedown operation simultaneously disrupted hundreds of command-and-control servers used by both Amadey and StealC, increasing friction for cybercriminals.
How sources frame it
- Microsoft Digital Crimes Unit: neutral
All evidence
SecurityWeek report on Amadey and StealC infrastructure takedown
securityweek.com · securityweek.com · 2026-06-24 15:02 UTC
Amadey, StealC malware operations disrupted in Operation Endgame action
bleepingcomputer_all · bleepingcomputer.com · 2026-06-24 14:35 UTC
StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them
Microsoft Security Blog · microsoft.com · 2026-06-24 12:30 UTC
In a first, a court takedown goes after two cybercrime tools at once
CyberScoop · cyberscoop.com · 2026-06-24 12:30 UTC
Top publishers (this list)
- securityweek.com (1)
- bleepingcomputer_all (1)
- Microsoft Security Blog (1)
- CyberScoop (1)
Top origin domains (this list)
- securityweek.com (1)
- bleepingcomputer.com (1)
- microsoft.com (1)
- cyberscoop.com (1)