Global Cyber Strike Dismantles 'Cybercrime Assembly Lines' Behind SocGholish, Amadey, and StealC Malware
An international law enforcement operation, spearheaded by **Europol** and **Microsoft**, has severely disrupted the infrastructure of major cybercrime-as-a-service networks. The two-week initiative targeted the 'assembly lines' used to deploy ransomware, commit financial fraud, and attack critical infrastructure, seizing hundreds of domains and servers, and reclaiming significant illicit assets and stolen credentials.
# International Operation Cripples Key Malware Networks
In a significant win against organized cybercrime, an international operation led by **Europol** and **Microsoft** has dismantled critical infrastructure supporting the distribution of **SocGholish**, **Amadey**, and **StealC** malware. Over the past two weeks, law enforcement agencies took down 326 servers and 142 domains, recovered €41 million ($47 million) in crypto assets of criminal origin, and reclaimed approximately 27 million stolen login credentials.
## Targeting the Cyberattack Supply Chain
This operation represents a strategic shift in combating cybercrime, moving beyond individual services to target the entire 'cyberattack supply chain.' **Microsoft** emphasized this new approach in a recent blog post, stating, "This action goes after the cybercrime 'assembly line,' where coordinated tools drive ransomware, financial fraud, and disruptions to public services."
### The Malware Ecosystem Under Attack
The disrupted malware strains play distinct but interconnected roles in the cybercrime ecosystem:
* **StealC**: An infostealer, notorious for quietly exfiltrating passwords, cookies, and session tokens, often serving as an initial access vector for further intrusions.
* **Amadey**: Primarily functions as a dropper, providing threat actors with initial access to networks to deploy additional malicious code.
* **SocGholish**: Distributes malware by leveraging compromised websites to deliver fake browser updates, tricking users into installing malicious payloads.
**Microsoft** researchers, utilizing artificial intelligence, identified that **Amadey** and **StealC** frequently leverage the same underlying infrastructure. Their combined takedown is expected to have an exponential impact, as **Amadey** typically facilitates initial breaches while **StealC** harvests sensitive data.
**Europol** reported finding 14,971 infected websites, many belonging to everyday retailers, compromised by the **SocGholish** variant. This malware is linked to **Evil Corp.**, a notorious Russian cybercrime gang with a history of large-scale money laundering and ransomware activities.
## 'Disrupted Together' for Maximum Impact
"When multiple parts of an operation are disrupted together, attacks are harder to launch, scale, and recover from," **Microsoft** noted. "The result: fewer disrupted services, fewer opportunities for cybercriminals to profit, and more friction when they try to rebuild."
In the first two weeks of May alone, **Amadey** and **StealC** malware strains were tied to over 140,000 infected computers worldwide. The operation identified 18,000 victim computers, highlighting the pervasive reach of these 'pay-as-you-go' cybercrime services.
**Microsoft** also published new research on **Amadey** and **StealC**, providing deeper insights into their mechanisms and the services that deliver them.