Microsoft, alongside law enforcement and cybersecurity partners, has dismantled shared infrastructure used by two prominent malware strains, Amadey and StealC, in what CyberScoop describes as the first court-authorized takedown to target two cybercrime tools simultaneously. BleepingComputer reports the action as part of Operation Endgame; it specifically went after the command-and-control (C&C) servers central to both malware families.

According to SecurityWeek, hundreds of C&C servers were disrupted in the sweep; CyberScoop puts the figure at more than 200. The same servers were often used for both families, letting operators deploy Amadey and StealC together in coordinated attacks. The dual takedown marks a shift in enforcement strategy: targeting the shared resources that several malware families depend on rather than one strain at a time.

Amadey is a loader: it establishes a foothold on an infected machine and fetches secondary payloads, including ransomware. StealC is an information stealer that harvests credentials and other sensitive data from infected hosts. Running both from shared infrastructure let operators manage the two tools from the same servers rather than maintaining separate infrastructure for each. BleepingComputer notes that Operation Endgame focuses on cybercriminal services and ransomware gangs, indicating a broader push against the ecosystem that supports these threats.

The available sources disclose no indicators of compromise and no details of the malware's internals. What a C&C takedown does is sever the channel between infected machines and the servers that task them, so operators lose the ability to push updates, issue commands, or collect stolen data until they rebuild. The effect is typically temporary: the infections themselves are untouched, and botnet operators have repeatedly stood up replacement infrastructure after earlier disruptions.

Because the action targets backend infrastructure rather than a client-side vulnerability, there is no patch to apply. That does not mean affected organizations are clean: a host that was talking to the seized servers is still infected, and any payload Amadey already delivered, or any credentials StealC already exfiltrated, are unaffected by the takedown. Such hosts should be identified and reimaged, and credentials that may have been harvested should be rotated. Attribution for the malware operations was not specified in the source materials, leaving open the question of which threat actor groups were behind them.
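One practical consequence of a C&C takedown is that infected hosts keep trying to reach the seized servers, and those residual beacons are visible in proxy or DNS logs. The script below is an added example, not code from Microsoft, the sources, or the takedown itself: it scans constructed proxy log lines for clients that contacted a placeholder list of seized C&C addresses and flags clients whose contacts are evenly spaced, the signature of an automated beacon rather than a one-off visit. The addresses and log lines are invented for the example (the sources disclosed no real indicators), and the `SEIZED_C2` list, `find_residual_infections` function and the 20% regularity threshold are assumptions of this example.

```python
"""Hunt for hosts still beaconing to seized C&C addresses after a takedown."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Placeholder indicators. The sources disclosed no Amadey/StealC IoCs, so
# these are constructed for the example (TEST-NET ranges, not real C&C).
SEIZED_C2 = {"203.0.113.10", "198.51.100.7"}

# Constructed proxy log: "<timestamp> <client> <dest_ip> <http_status>".
# ws-014 beacons every ~5 minutes and now gets errors from the seized server;
# ws-022 touched a seized address once; ws-031 only reached a benign host.
SAMPLE_LOG = """\
2025-05-21T08:00:01Z ws-014 203.0.113.10 503
2025-05-21T08:02:11Z ws-022 198.51.100.7 200
2025-05-21T08:03:40Z ws-022 93.184.216.34 200
2025-05-21T08:05:02Z ws-014 203.0.113.10 503
2025-05-21T08:09:00Z ws-031 93.184.216.34 200
2025-05-21T08:10:00Z ws-014 203.0.113.10 503
2025-05-21T08:15:03Z ws-014 203.0.113.10 503
"""

# A contact pattern is called periodic when it has at least this many hits
# and the spread of the intervals is under this fraction of the mean interval.
MIN_HITS_FOR_PERIODICITY = 3
MAX_INTERVAL_CV = 0.20  # assumed threshold; tune against your own telemetry


def parse_line(line):
    """Split one proxy log line into (datetime, client, dest_ip, status)."""
    ts, client, dest, status = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), client, dest, int(status)


def is_periodic(timestamps):
    """True when the gaps between successive contacts are nearly constant."""
    if len(timestamps) < MIN_HITS_FOR_PERIODICITY:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg < MAX_INTERVAL_CV


def find_residual_infections(log_text, seized):
    """Return {client: {dest_ip: {"hits": n, "periodic": bool}}} for every
    client that contacted a seized address. Periodic contacts are the strongest
    signal of a still-running implant; a single hit still merits a look."""
    contacts = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, _status = parse_line(line)
        if dest in seized:
            contacts[client][dest].append(ts)

    return {
        client: {
            dest: {"hits": len(stamps), "periodic": is_periodic(stamps)}
            for dest, stamps in dests.items()
        }
        for client, dests in contacts.items()
    }


if __name__ == "__main__":
    for client, dests in find_residual_infections(SAMPLE_LOG, SEIZED_C2).items():
        for dest, info in dests.items():
            tag = "PERIODIC BEACON" if info["periodic"] else "contact"
            print(f"{client} -> {dest}: {info['hits']} hits ({tag})")
```

Each flagged client is a candidate for isolation and reimaging; because StealC is a credential stealer, the accounts used on a periodic-beacon host should also be treated as exposed and rotated. The HTTP status is deliberately ignored in the detection: once a server is seized or sinkholed the responses change, but the implant's retry cadence does not, and that cadence is what the check keys on.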