Authorities and tech firms have jointly disrupted two prominent cybercrime tools, Amadey and StealC, which work together in a criminal ‘assembly line’ to gain device access and steal sensitive information. The action recovered millions in stolen assets and crippled infrastructure across thousands of infected computers.

  • Over 200 command servers disabled, 18,000+ infected devices freed
  • 27 million stolen credentials recovered, $47 million in crypto assets seized
  • Collaboration spanned law enforcement and major cybersecurity firms

What happened

An international coalition of law enforcement agencies and technology companies conducted a coordinated takedown of two widely used cybercrime platforms: Amadey, a malware-as-a-service tool, and StealC, an infostealer-as-a-service. These platforms provided attackers with capabilities to infect devices, deliver ransomware, and steal a vast array of sensitive data, including passwords and cryptocurrency wallets.

Through AI-driven analysis, Microsoft identified that these tools shared significant underlying infrastructure despite operating independently. This insight enabled a legal strategy under RICO laws, treating both platforms as part of a single criminal enterprise. The operation shut down over 200 control servers, disconnected more than 18,000 compromised computers, and disrupted the cybercrime ‘assembly line’ that enabled large-scale ransomware and fraud operations.

Why it matters

The significance of this action lies in the simultaneous disruption of multiple linked cybercrime tools, which makes it harder for criminals to keep operating and to recover quickly from setbacks. By targeting the integrated infrastructure supporting Amadey and StealC, authorities made a substantial dent in the ecosystem that facilitates ransomware, identity theft, and financial fraud.

This operation extracted an estimated 27 million stolen credentials and $47 million in illicit cryptocurrency, highlighting the scale and profitability of these criminal tools. It also demonstrated the effectiveness of collaboration between governments, private sector cybersecurity experts, and AI technology in addressing complex cybercrime challenges.

What to watch next

Following this successful disruption, stakeholders will likely monitor how cybercriminals adapt to the takedown of Amadey and StealC infrastructure. There is potential for the emergence of new or modified malware services that attempt to fill the void left by these platforms, requiring continued vigilance and rapid response.

Enforcement agencies and cybersecurity companies are expected to maintain and expand partnerships to share intelligence and deploy coordinated actions against evolving threats. The involvement of countries including the US, Canada, UK, Germany, and others indicates a growing international consensus on prioritizing cybercrime dismantlement operations in the coming years.

Source assisted: This briefing began from a discovered source item from Ars Technica Tech Policy.