Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrupt the 'assembly lines' cybercriminals use to launch ransomware, financial fraud, and attacks on critical infrastructure," Europol said in

The article reports on Operation Endgame, a coordinated law enforcement and private-sector action (including Microsoft, Bitdefender, Bitsight, and ESET) that dismantled infrastructure used by the Amadey loader and StealC infostealer, seizing 326 servers, 142 domains, and recovering roughly 27 million stolen credentials.[1][2][3][4][5][6] These malware families operated as cybercrime services, delivering ransomware, financial fraud tools, and attacks on critical infrastructure, and some of the disruption work used AI-assisted tooling (e.g., Microsoft Copilot) to analyze malware binaries at scale.[2][6] From a CyberSE.AI perspective, the case illustrates how AI-enabled analysis can meaningfully support large-scale takedowns, but also highlights the ongoing risk that similar “malware-as-a-service” ecosystems can weaponize AI for more efficient credential theft, targeting enterprise identity systems and AI-access credentials. Organizations should implement continuous AI-focused red teaming to test how their AI agents and supporting infrastructure could be abused with stolen credentials or malware tooling, and use AI CISO advisory services to align identity, logging, and incident respon