Home · Live brief · Weekly 2026-W27
Operation Endgame
Entities: Operation Endgame
Part of run 2026-W26-b78503e7 (weekly · Anthropic Claude (specific model not determined))
Europol's law-enforcement campaign extended its reach this week: the 06-24/25 Amadey and StealC takedown actioned 326 servers and 142 domains and recovered approximately 27 million stolen credentials from over 385,000 compromised systems (BleepingComputer), with Microsoft providing the Amadey/StealC infrastructure analysis (Microsoft). Combined with the W25 SocGholish/TA569 seizure (106 servers), Endgame has now dismantled three commodity delivery-and-theft networks in quick succession. The defender gap: no arrests were announced for this phase, so infrastructure can reconstitute — cross-reference the recovered 27M credentials against your identity-store canaries and hunt Amadey persistence (HKCU run-key, rundll32/regsvr32 side-loads, short-lived child processes under %AppData%\Roaming).