StealC You Later: Proofpoint and IBM X-Force Support Operation Endgame Disruptions | Proofpoint US
Key Findings:
- Proofpoint and IBM X-Force supported a joint disruption as part of Operation Endgame, targeting the StealC ecosystem, a prominent information stealer.
- The operation was coordinated by Europol and impacted 66 domains and 296 servers associated with both Amadey and StealC. More than 25.6 million unique credentials stolen from over 385k compromised systems were seized.
- A vulnerability in the StealC command and control panel discovered by researchers was used by law enforcement to support the operation.
- Proofpoint and IBM X-Force threat researchers developed a StealC emulator to identify and track operations, infrastructure, and payloads.
- In keeping with previous operations, a video was published on the Operation Endgame website.
Global cyber strike disrupts SocGholish, Amadey, and StealC malware networks – Coordinated actions take down criminal infrastructure; over EUR 41 million in criminal crypto assets seized | Europol
Europol together with partners from across the globe today announces a landmark blow to cybercriminal networks as part of Operation Endgame, a sweeping international operation targeting the criminal infrastructure behind ransomware and malware like SocGholish, Amadey, and StealC. In coordinated...
www.europol.europa.eu
Participating countries and agencies in the action week against the three botnets:
- Canada: Royal Canadian Mounted Police (RCMP)
- Denmark: Danish Police (Politi)
- Germany: Federal Criminal Police Office (BKA)
- Netherlands: National High Tech Crime Unit (NHTCU)
- United Kingdom: National Crime Agency (NCA)
- United States
- Europol
- Eurojust
- Private Partners: Microsoft, the Shadowserver Foundation, Registrar of Last Resort (RoLR), Proofpoint, IBM X-Force, Infoblox, NorthWave, Orange Cyberdefense, Bitdefender, Have I Been Pwned (HIBP), Spamhaus