
27M Stolen Credentials Recovered: How Law Enforcement Disrupted Amadey and StealC Malware Networks

Trend Statistics

  • 27M stolen credentials recovered
  • 2 malware families disrupted
  • Significant cybercrime supply chain impact

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. These two prolific malware families have been responsible for a significant portion of the global cybercrime landscape, enabling ransomware attacks, financial fraud, and breaches of critical infrastructure.

According to Europol, “The main common goal was to disrupt the ‘assembly lines’ cybercriminals use to launch ransomware, financial fraud, and attacks on critical infrastructure.” This landmark operation has dealt a major blow to the cybercriminal ecosystem, with the recovery of over 27 million stolen credentials and the disruption of the command-and-control infrastructure used to distribute these malware strains.

Dismantling the Malware Supply Chain

Amadey and StealC are known for their modular design, allowing cybercriminals to easily integrate them into their attack toolkits. These malware families have been used to deliver a wide range of payloads, from credential harvesting and information exfiltration to remote access and lateral movement within compromised networks.

The takedown of the Amadey and StealC infrastructure has disrupted the “assembly line” approach that cybercriminals have been leveraging to streamline their operations. By dismantling the core components of these malware networks, law enforcement and the private sector have effectively cut off a critical supply chain that fueled a significant portion of global cybercrime.

Implications for Cybersecurity Professionals

This coordinated effort serves as a reminder of the importance of cross-sector collaboration in the fight against cybercrime. By combining the expertise and resources of law enforcement, security vendors, and technology companies, the impact of this operation has been amplified, leading to the recovery of millions of stolen credentials and the disruption of active malware campaigns.

For cybersecurity professionals, this event highlights the need to stay vigilant and proactive in their defense strategies. Threat actors are constantly evolving their tactics, and staying ahead of the curve requires a deep understanding of emerging malware families, their capabilities, and the tactics, techniques, and procedures (TTPs) they employ.

Actionable Insights for IT Teams

To mitigate the ongoing threat posed by malware like Amadey and StealC, IT teams should consider the following best practices:

  • Implement Robust Credential Management: Ensure strong password policies, enable multi-factor authentication, and regularly audit user accounts to prevent credential-based attacks.
  • Enhance Network Monitoring and Visibility: Deploy advanced security tools and techniques, such as network traffic analysis and behavioral anomaly detection, to identify and respond to suspicious activities.
  • Foster Cross-Organizational Collaboration: Participate in industry-wide threat intelligence sharing initiatives to stay informed about the latest cybersecurity threats and trends.
  • Educate End-Users: Provide comprehensive security awareness training to empower employees to recognize and report potential phishing attempts or suspicious activities.

By adopting a proactive and collaborative approach, organizations can better protect themselves against the evolving landscape of malware-driven cybercrime.

Final Thoughts

The disruption of the Amadey and StealC malware networks is a significant victory in the ongoing battle against cybercrime. However, it also serves as a sobering reminder that the threat landscape continues to evolve, and cybersecurity professionals must remain vigilant and adaptable to stay ahead of the curve.

As organizations navigate the complex and ever-changing world of cybersecurity, the lessons learned from this operation can serve as a blueprint for effective collaboration, intelligence-driven defense, and a renewed commitment to protecting critical assets and infrastructure.


Frequently Asked Questions

What were the Amadey and StealC malware families responsible for?

The Amadey and StealC malware families were used by cybercriminals to enable ransomware attacks, financial fraud, and breaches of critical infrastructure.

How did law enforcement and the private sector disrupt these malware networks?

Through a coordinated operation, law enforcement partnered with companies like Bitdefender, Bitsight, ESET, and Microsoft to take down the command-and-control infrastructure powering Amadey and StealC, effectively disrupting the cybercrime supply chain.

What were the key outcomes of this operation?

The operation resulted in the recovery of over 27 million stolen credentials and the disruption of the malware families responsible for a significant portion of global cybercrime activities.

What can cybersecurity professionals learn from this event?

This event highlights the importance of cross-sector collaboration, robust credential management, enhanced network monitoring, and comprehensive security awareness training to mitigate the ongoing threat of malware-driven cybercrime.

How can organizations apply the lessons from this operation to strengthen their defenses?

Organizations can apply the lessons by implementing best practices such as strong password policies, multi-factor authentication, advanced security tools, and participation in threat intelligence sharing initiatives to stay ahead of evolving cybersecurity threats.