In a major breakthrough against cybercrime, Europol and law enforcement agencies from several nations have dismantled critical infrastructure used by prominent malware, including StealC, Amadey, and SocGholish. This operation, termed Operation Endgame, marks a significant step in combating the ‘cybercrime-as-a-service’ model.
Coordinated Global Effort
Operation Endgame unfolded over two weeks, involving agencies from Canada, Denmark, Germany, the Netherlands, the United Kingdom, and the United States, supported by private sector firms like Microsoft and IBM X-Force. This coordinated effort successfully targeted and dismantled the infrastructure that enabled widespread ransomware attacks, credential theft, and financial fraud on a global scale.
The operation resulted in the seizure of 326 servers and 142 domains, severely disrupting malware distribution networks. Additionally, EUR 41 million in illicit crypto assets were identified and frozen, and law enforcement recovered 27 million stolen login credentials. The remediation of nearly 15,000 infected websites, including small businesses and other enterprises, was another significant achievement.
Malware and Tactics
StealC, an infostealer with dropper capabilities, was a central focus of this operation. It was designed to covertly extract passwords and other sensitive data from compromised systems, with the stolen information subsequently sold in underground markets. Amadey, often used alongside StealC, facilitated initial access to victims’ devices through phishing campaigns, forming a robust delivery chain within the cybercriminal ecosystem.
In the early weeks of May 2026, Amadey and StealC were linked to over 140,000 computer infections globally, according to Microsoft’s threat intelligence. This highlights the extensive reach and impact of these malware families.
SocGholish and Evil Corp
SocGholish, another focus of the operation, was distributed through deceptive browser update pop-ups, primarily on compromised WordPress sites. This malware is connected to the notorious Russian cybercriminal group, Evil Corp, known for previous high-profile cyberattacks.
Efforts by the Dutch Police have already led to the patching of vulnerabilities on affected sites, with administrators advised to enhance security measures. Users are encouraged to avoid reacting to unsolicited pop-up updates and to use only verified sources for software updates.
Future Implications
Operation Endgame represents a significant shift in law enforcement’s approach to cybercrime, targeting the broader infrastructure rather than individual actors. This strategic move aims to dismantle the mechanisms enabling large-scale cyberattacks.
Europol’s European Cybercrime Center and the Joint Cybercrime Action Taskforce played pivotal roles in coordinating this extensive operation, reflecting a collaborative effort between public and private sectors to enhance cybersecurity globally.
