The tech giant disrupts key malware tools Amadey and StealC, impacting over 140,000 devices globally
In a bold move to combat the growing threat of cybercrime, Microsoft has shifted its strategy to target the entire cyberattack supply chain rather than just individual tools. This new approach was highlighted on June 24, 2026, when the company announced the disruption of two widely used cybercrime tools, Amadey and StealC, which were found to rely on the same infrastructure. This simultaneous targeting marks a fundamental change in how Microsoft addresses the complex web of cybercriminal activities.
On June 24, 2026, Microsoft unsealed a case that showcased its innovative strategy against cybercrime. The operation focused on Amadey, a tool that helps attackers gain access to compromised devices, and StealC, which is used to steal passwords and sensitive information. Together, these tools form a key link in the cybercrime ecosystem. In the first two weeks of May 2026 alone, they were linked to more than 140,000 infected computers worldwide, underscoring their widespread use.
Working in collaboration with Europol and various industry partners, Microsoft was able to target both tools at once, aiming to disrupt what it described as the cybercrime "assembly line"—a coordinated system where multiple tools facilitate ransomware attacks, financial fraud, and public service disruptions.
Microsoft's Digital Crimes Unit utilized advanced AI technologies, including Copilot, to analyze the malware effectively. This AI-driven analysis allowed investigators to query complex code in plain English, significantly speeding up the process of identifying connections between the two malware families. The insights gained enabled the legal team to treat Amadey and StealC as parts of a single criminal conspiracy under the Racketeer Influenced and Corrupt Organizations Act (RICO), a law traditionally used to combat organized crime.
By leveraging AI, investigators were able to surface key details and hidden data in a fraction of the time it would have taken through manual analysis. This efficiency allowed Microsoft to disrupt more than 200 command-and-control servers—systems that cybercriminals use to control infected devices and execute attacks. The strategy reflects a shift from targeting individual tools to addressing the interconnected networks that underpin cybercrime.
This operation signifies a major evolution in the fight against cybercrime. Microsoft emphasized that cybercrime is no longer characterized by isolated attacks but is instead a coordinated ecosystem where specialized tools handle different stages of an attack. For example, one tool may gain access to a device, another steals credentials, and others exploit that access for various malicious purposes. By disrupting multiple points in the cybercrime chain simultaneously, Microsoft aims to reduce the likelihood that a single compromise escalates into widespread harm.
As Microsoft noted, "Fewer attacks succeed, and fewer people feel the impact when they do." This proactive approach targets the immediate threat and seeks to create sustained pressure on cybercriminals, making it increasingly difficult for them to launch and scale their operations.
Though this initiative marks a step forward in the fight against cybercrime, it is not without its challenges. Cybercriminals are known to adapt quickly, often finding new ways to rebuild their operations after disruptions. Microsoft's efforts to track these changes and incorporate findings into its automated disruption programs will be key in maintaining momentum against these threats. The goal is to not just dismantle a single operation but to make cyberattacks harder to execute, scale, and recover from.
Moving forward, Microsoft plans to continue its collaboration with law enforcement and industry partners to monitor and disrupt cybercriminal activities. The insights gained from this operation will be integrated into Microsoft's Statutory Automated Disruption program, which accelerates the removal of malicious domains and infrastructure. This comprehensive strategy aims to raise the cost of cybercrime, making it less profitable for criminals and reducing its impact on individuals and organizations.
This operation shows the value of collaboration in combating cybercrime and showcases the potential of AI in enhancing investigative processes. As cybercriminals continue to evolve, so too must the strategies employed to thwart their operations. The future of cybersecurity lies in the ability to adapt, innovate, and work together across borders and sectors to dismantle the systems that enable cybercrime.