general · BleepingComputer
Microsoft, Europol, and international law enforcement partners have disrupted infrastructure supporting the Amadey and StealC malware operations in Operation Endgame. The coordinated action took down 326 servers and 142 domains across agencies in Canada, Denmark, Germany, the Netherlands, the United Kingdom, and the United States. Investigators recovered approximately 27 million credentials stolen from over 385,000 compromised systems and identified more than €41 million in cryptocurrency linked to criminal activity. Amadey is a botnet used for initial network access and malware deployment; StealC is an infostealer targeting credentials, cryptocurrency wallets, and sensitive data commonly sold to other threat actors via initial-access brokers.
For Omniware's buyers, this disruption underscores the ongoing threat from credential-harvesting malware and the supply-chain risk of compromised initial access. Defense contractors handling CUI should assume their personnel credentials remain circulating in underground markets and review access controls accordingly. SaaS teams subject to SOC2 examinations should document their response to potential credential compromise and demonstrate monitoring for suspicious lateral movement. Healthcare providers under HIPAA should verify that any breached employee credentials have not enabled unauthorized access to protected health information. An Omniware engagement can scope detection and response strategies for these scenarios in detail.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/amadey-stealc-malware-operations-disrupted-in-operation-endgame-action/
Source: BleepingComputer
All briefings