Based on reporting by The Hacker News →
Introduction
A coordinated international sweep has pulled the plug on the criminal infrastructure behind the Amadey botnet and the StealC information stealer, recovering roughly 27 million stolen credentials. This operation reveals something uncomfortable: malware is not the real threat—the reuse of those credentials is.
The problem
According to reporting from The Hacker News, a law enforcement operation coordinated by Europol, working with private-sector partners including Bitdefender, Bitsight, ESET, and Microsoft, has successfully disrupted the infrastructure that powers the Amadey malware loader and the StealC credential-stealing malware. The takedown resulted in the recovery of approximately 27 million stolen credentials. The operation’s stated goal, as quoted in Europol’s own statement, was to “disrupt the ‘assembly lines’ cybercriminals use to launch ransomware, financial fraud, and attacks on critical infrastructure.”
Consequences
When 27 million stolen usernames and passwords are circulating in the criminal underground, the downstream impact is staggering. These credentials are the raw fuel for credential-stuffing attacks against email, banking, SaaS applications, and corporate VPNs. Any organization whose employees used those passwords—even once—is now at elevated risk of account takeover, data exfiltration, or lateral movement. The malware’s original victims may have already been compromised, but anyone whose credentials appeared in that data is now exposed.