Signal
International operation disrupts Amadey and StealC malware networks, recovers millions of stolen credentials
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-06-24 12:30 UTCUpdated 2026-06-24 20:00 UTC
rss
cveexploitsmalwarethreat_actorsincident_responsesecurity_policy
Trend in the last 24h
Current brief openSource links open
This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
Coverage discusses speculative scenarios around ~$47M; treat as market chatter and see linked sources.
Entities
MicrosoftESETBitdefenderBitsightEuropolOperation EndgameAmadeyStealC
Score total
1.87
Momentum 24h
8
Posts
8
Origins
8
Source types
1
Duplicate ratio
0%
Why now
- The operation reflects an evolution in cybercrime disruption tactics targeting entire attack supply chains.
- Amadey and StealC remain pervasive threats enabling credential theft and malware delivery worldwide.
- Public-private partnerships are critical to dismantling complex cybercrime ecosystems at scale.
Why it matters
- Disrupting malware infrastructure reduces cybercriminals' ability to launch ransomware and fraud attacks.
- Recovering stolen credentials and blocking crypto assets limits attacker profits and victim impact.
- Coordinated multi-tool takedowns increase operational friction for cybercriminals, enhancing defense effectiveness.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- Amadey and StealC malware infrastructure was disrupted in a coordinated global law enforcement and private sector operation.
- The operation recovered 27 million stolen credentials and blocked $47 million in cryptocurrency assets.
- Microsoft and partners used a novel approach by simultaneously disrupting multiple cybercrime tools to increase operational friction for attackers.
How sources frame it
- Microsoft Digital Crimes Unit: neutral
This operation exemplifies a shift towards coordinated, multi-faceted disruption of cybercrime ecosystems, emphasizing the importance of public-private partnerships.
All evidence
All evidence
The Hacker News - Amadey and StealC malware network disrupted
thehackernews.com · thehackernews.com · 2026-06-24 15:59 UTC
Three ‘cybercrime as a service’ operations undercut by Microsoft, law enforcement
The Record (Recorded Future News) · therecord.media · 2026-06-24 20:00 UTC
Infostealers StealC and Amadey Disrupted in Police Crackdown
BankInfoSecurity · bankinfosecurity.com · 2026-06-24 18:58 UTC
Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware
SecurityWeek · securityweek.com · 2026-06-24 15:02 UTC
Amadey, StealC malware operations disrupted in Operation Endgame action
bleepingcomputer_all · bleepingcomputer.com · 2026-06-24 14:35 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 5Origin domains: 5Duplicates: -
Showing 5 / 0
Top publishers (this list)
- thehackernews.com (1)
- The Record (Recorded Future News) (1)
- BankInfoSecurity (1)
- SecurityWeek (1)
- bleepingcomputer_all (1)
Top origin domains (this list)
- thehackernews.com (1)
- therecord.media (1)
- bankinfosecurity.com (1)
- securityweek.com (1)
- bleepingcomputer.com (1)