www.proofpoint.com
Operation Endgame Disrupts StealC and Amadey Malware Networks
On June 24, 2026, Operation Endgame successfully disrupted the StealC and Amadey malware infrastructures, targeting 66 domains and 296 servers linked to these cybercrime tools. This operation, coordinated by Microsoft and various law enforcement agencies, aimed to dismantle the networks used for credential theft and ransomware deployment. The disruption resulted in the seizure of over 25.6 million stolen credentials and is expected to significantly impact the operations of both malware families. Amadey, a botnet known for distributing additional malware, and StealC, an infostealer, have been active since 2018 and 2023, respectively. The collaborative effort involved multiple private sector partners, including IBM X-Force and Proofpoint, highlighting the growing threat posed by malware-as-a-service models. The operation is anticipated to cause reputational and financial damage to the cybercriminals involved.
Key Points:
• Operation Endgame disrupted 66 domains and 296 servers linked to StealC and Amadey.
• Over 25.6 million stolen credentials were seized during the operation.
• The disruption is expected to significantly impact the operations of both malware families.