ctipilot.ch


Operation Endgame

notable synthesis discovered 2026-06-29 00:21 UTC

Entities: Operation Endgame

Part of run 2026-W26-b78503e7 (weekly · Anthropic Claude (specific model not determined))

Europol's law-enforcement campaign extended its reach this week: the 06-24/25 Amadey and StealC takedown actioned 326 servers and 142 domains and recovered approximately 27 million stolen credentials from over 385,000 compromised systems (BleepingComputer), with Microsoft providing the Amadey/StealC infrastructure analysis (Microsoft). Combined with the W25 SocGholish/TA569 seizure (106 servers), Endgame has now dismantled three commodity delivery-and-theft networks in quick succession. The defender gap: no arrests were announced for this phase, so infrastructure can reconstitute. Cross-reference the recovered 27M credentials against your identity-store canaries, and hunt for Amadey persistence: HKCU Run keys, rundll32/regsvr32 side-loads, and short-lived child processes under %AppData%\Roaming.
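The three persistence hunts named above, written as detection logic over registry and process events. This is an added example, not code from this brief or its sources; the event schema, rule names, 10-second threshold and sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Field names (type, host, key, data, image, cmdline, start, end) are an assumed,
# normalised schema, not a specific EDR's; map your own telemetry onto it.
ROAMING = re.compile(r"\\appdata\\roaming\\", re.I)
RUN_KEY = re.compile(
    r"^(HKCU|HKU\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
LOADERS = {"rundll32.exe", "regsvr32.exe"}
SHORT_LIVED_SECONDS = 10  # assumed threshold; tune against your own baseline

def lifetime(e):
    """Seconds between process start and exit, or None if it is still running."""
    if not e.get("end"):
        return None
    delta = datetime.fromisoformat(e["end"]) - datetime.fromisoformat(e["start"])
    return delta.total_seconds()

def hunt(events):
    """Return (host, rule, evidence) for each event matching one of the three hunts."""
    hits = []
    for e in events:
        if e["type"] == "reg_set":
            # Per-user Run/RunOnce value whose data points into the Roaming profile.
            if RUN_KEY.match(e["key"]) and ROAMING.search(e["data"]):
                hits.append((e["host"], "run_key_to_roaming", e["data"]))
        elif e["type"] == "proc":
            name = e["image"].rsplit("\\", 1)[-1].lower()
            life = lifetime(e)
            if name in LOADERS and ROAMING.search(e["cmdline"]):
                hits.append((e["host"], "loader_runs_roaming_dll", e["cmdline"]))
            elif ROAMING.search(e["image"]) and life is not None and life <= SHORT_LIVED_SECONDS:
                hits.append((e["host"], "short_lived_roaming_process", e["image"]))
    return hits

# Constructed sample events: hosts, users, paths and times are invented.
RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
APP = r"C:\Users\alice\AppData\Roaming\example"
SYS = r"C:\Windows\System32"
SAMPLE = [
    {"type": "reg_set", "host": "WS-01", "key": r"HKU\S-1-5-21-1111" + RUN + r"\Updater", "data": APP + r"\upd.exe"},
    {"type": "reg_set", "host": "WS-02", "key": "HKCU" + RUN + r"\Sync", "data": r"C:\Program Files\Sync\sync.exe"},
    {"type": "proc", "host": "WS-01", "image": SYS + r"\rundll32.exe", "cmdline": "rundll32.exe " + APP + r"\lib.dll,Main", "start": "2026-06-26T09:00:00", "end": "2026-06-26T09:05:00"},
    {"type": "proc", "host": "WS-01", "image": APP + r"\upd.exe", "cmdline": "upd.exe", "start": "2026-06-26T09:00:01", "end": "2026-06-26T09:00:04"},
    {"type": "proc", "host": "WS-03", "image": SYS + r"\regsvr32.exe", "cmdline": r"regsvr32.exe /s C:\Windows\System32\scrobj.dll", "start": "2026-06-26T10:00:00", "end": "2026-06-26T10:00:01"},
    {"type": "proc", "host": "WS-03", "image": r"C:\Users\bob\AppData\Roaming\chat\chat.exe", "cmdline": "chat.exe", "start": "2026-06-26T08:00:00", "end": "2026-06-26T10:00:00"},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE):
        print(*hit, sep=" | ")
```

Legitimate per-user applications also install under Roaming, so treat hits as triage leads and correlate the three rules on the same host before escalating.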

law-enforcement infostealer botnet organized-crime europe global