A coordinated international law enforcement operation, in partnership with leading private cybersecurity firms, has dismantled the core infrastructure behind the Amadey and StealC malware families. Authorities seized control of 326 servers and 142 domains, recovering a staggering 27 million stolen credentials in the process.
The operation targeted the "assembly line" platforms cybercriminals use to distribute ransomware, commit financial fraud, and attack critical infrastructure, Europol stated. The public-private coalition included Bitdefender, Bitsight, ESET, and Microsoft.
The takedown represents a strategic shift in combating cybercrime by disrupting the shared supply chain rather than pursuing individual actors. Amadey operates as a malware loader, delivering malicious payloads to compromised systems. These payloads frequently include StealC, an information stealer designed to harvest sensitive data such as login credentials, cryptocurrency wallets, and personal files. By crippling this enabling infrastructure, law enforcement simultaneously disrupted numerous affiliated criminal campaigns.
The recovery of 27 million credentials underscores the industrial scale of modern credential harvesting, which remains one of the most common initial-access vectors against organizations worldwide. For the IT community, the clear takeaway is that while such disruptions provide crucial momentum against adversaries, they are temporary setbacks: criminal infrastructure is routinely rebuilt and rebranded, and stolen credentials already in circulation keep working until they are rotated. Organizational resilience, built on robust access controls, phishing-resistant multi-factor authentication, credential rotation after suspected exposure, and monitoring for anomalous logins, therefore remains the permanent, non-negotiable line of defense.
This successful model of cross-sector collaboration demonstrates an effective approach for confronting borderless cyber threats. However, the long-term sustainability of such complex, cross-jurisdictional operations and the lasting impact on the cybercrime ecosystem remain to be assessed.