← Back to blog

Law Enforcement Dismantles Amadey and StealC Malware Networks, Recovers 27M Credentials

A major coordinated takedown involving Europol, Bitdefender, Microsoft, and other security firms has disrupted criminal infrastructure used to distribute Amadey and StealC malware. The operation recovered 27 million stolen credentials and targeted the malware supply chains fueling ransomware and financial fraud campaigns.

TL;DR

  • Europol and private security firms shut down Amadey and StealC malware networks used for credential theft and ransomware distribution
  • 27 million stolen credentials were recovered during the coordinated law enforcement operation
  • The takedown targeted the 'assembly lines' cybercriminals use to launch attacks on critical infrastructure and financial institutions
  • Bitdefender, Bitsight, ESET, and Microsoft partnered with law enforcement to dismantle the criminal infrastructure

A coordinated international law enforcement operation has successfully disrupted the infrastructure behind Amadey and StealC, two prolific malware families responsible for stealing credentials and enabling downstream attacks. The takedown, conducted in partnership with leading cybersecurity firms including Bitdefender, Bitsight, ESET, and Microsoft, represents a significant blow to the criminal ecosystem that supplies malware to ransomware operators and financial fraud networks.

The operation recovered approximately 27 million stolen credentials and targeted what Europol describes as the 'assembly lines' that cybercriminals rely on to orchestrate large-scale attacks. By dismantling these distribution networks, law enforcement has disrupted a critical link in the attack chain that threatens both private enterprises and critical infrastructure operators.

Scope of the Disruption

  • 27 million stolen credentials recovered from criminal infrastructure
  • Amadey and StealC malware networks targeted for their role in credential theft and malware distribution
  • Operation focused on disrupting the supply chain that feeds ransomware campaigns and financial fraud schemes
  • Coordinated effort involved Europol, Bitdefender, Bitsight, ESET, and Microsoft

Impact on Threat Landscape

  • Disruption of 'assembly lines' used to launch attacks on critical infrastructure
  • Reduced availability of stolen credentials for use in secondary attacks and account takeovers
  • Degradation of malware distribution channels relied upon by ransomware-as-a-service operations
  • Demonstrates effectiveness of public-private partnerships in combating organized cybercrime

Implications for Enterprise Security

  • Organizations should assume credentials may have been compromised and implement credential rotation protocols
  • Increased monitoring for lateral movement and unauthorized access attempts recommended
  • Reinforces importance of multi-factor authentication to mitigate credential theft impact
  • Highlights value of threat intelligence sharing between law enforcement and private security vendors

Sources

Sources

Security email updates

One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.

Law Enforcement Dismantles Amadey and StealC Malware Networks, Recovers 27M Credentials — Agent Breach Blog | Agent Breach