
In a first, a court takedown goes after two cybercrime tools at once

In a novel maneuver for a disruption operation against cyber attackers, industry and law enforcement teamed up to conduct a court takedown of two widely used criminal tools at once rather than individually, Microsoft said Tuesday.

The takedown simultaneously went after Amadey, a botnet that can serve as a malware delivery system, and StealC, an infostealer. Cybercriminals often use them in conjunction and they rely on the same infrastructure, Microsoft said.

“When multiple parts of an operation are disrupted together, attacks are harder to launch, scale, and recover from,” said Steven Masada, assistant general counsel for Microsoft’s Digital Crimes Unit. “The result: fewer disrupted services, fewer opportunities for cybercriminals to profit, and more friction when they try to rebuild. It’s no longer enough to go after threats one by one. We need to interrupt how the attacks are put together.”

Microsoft had been tracking Amadey with ESET, BitSight, Lumen and Mitsui Bussan Secure Directions. Meanwhile, Europol had been investigating StealC alongside law enforcement partners including Germany’s Federal Criminal Police Office and the Dutch and Danish National Police as well as IBM X-Force and Proofpoint.

They then joined forces and turned to the Racketeer Influenced and Corrupt Organizations (RICO) Act, a statute normally used against organized crime, to disrupt more than 200 command-and-control servers. Microsoft said insights from its artificial intelligence product Copilot "allowed the legal team to treat both malware families as part of a single criminal conspiracy."

Microsoft regularly leads court-authorized disruption operations, but in this case the industry and law enforcement partnerships, combined with AI, expanded data collection and identified connections beyond what one company could normally uncover on its own, it said.

Amadey and StealC were linked to more than 140,000 infected computers around the globe in the first week of May alone, the company said. StealC has ranked among the top infostealers for years since its emergence in 2023 and sells in underground forums as a malware-as-a-service. It’s typically used by Russia-linked groups.

Amadey dates back to 2018, and is also commonly employed by Russian groups, including in attacks on Ukraine.

Their interaction shows the assembly line-like structure of modern cybercrime, Microsoft said. Even if the cybercriminals behind both tools never coordinate, their tools are designed to work together, it said.

“StealC is an infostealer that collects sensitive data from browsers, cryptocurrency wallets, messaging applications, email clients, and gaming platforms,” the company wrote in a separate blog post. “It is a malware-as-a-service (MaaS) offering that threat actors use to generate customized payloads and manage stolen data through a centralized web panel. Meanwhile, Amadey is a MaaS loader that threat actors use to deliver StealC and other malware. Modular, pay-as-you-go models like StealC and Amadey allow threat actors to use a single initial infection to quickly escalate into multiple other threats.”

The post In a first, a court takedown goes after two cybercrime tools at once appeared first on CyberScoop.

European authorities crack down on illegal streaming networks

Authorities in Europe arrested 29 alleged cybercriminals and took down more than 27,000 illegal streaming URLs that pirated major sporting events, films and TV programming, Europol said Wednesday.

The continent-wide collaboration, led by Bulgaria and the European Union’s police agency, allowed authorities to dismantle nine organized crime groups supporting the illicit streaming networks, officials said. “Operation Kratos 2” focused on disrupting the networks’ underlying infrastructure and stretched for seven months before coming to a close in April. 

Officials did not name the suspects, groups or services targeted during the crackdown, but noted that investigators identified key players responsible for managing and operating the piracy platforms.

Europol said the streaming sites infringed on nearly 850,000 pieces of media across 169 domains.

“What appears to consumers as cheap access to premium content is powered by complex criminal enterprises,” the agency said in a news release. Illegal streaming site operators host separate servers for customer-facing websites and illegal content, and distribute their services across multiple countries.

During the course of the operation, officials conducted 148 house searches, identified 86 suspects and referred 59 cases to courts for criminal proceedings. 

Investigators also worked with private-sector partners to identify nearly 4,400 new domains and more than 18,000 IP addresses linked to piracy and other illegal activity. Those efforts allowed authorities to report almost 400,000 additional URLs for suspension or removal. 

Live sports piracy networks are widespread and consistently tracked by antipiracy coalitions and authorities globally. Authorities in Egypt last year shut down Streameast, the most popular and largest illegal live sports streaming network at the time, with an operation that spanned 80 domains and logged more than 1.6 billion visits during the year prior.

Operation Kratos 2 was supported by anti-piracy associations, UEFA Europa League, La Liga, beIN Media Group and officials from Belgium, Bulgaria, Croatia, France, Greece, Ireland, Italy, the Netherlands, Poland, Romania, Spain, the United Kingdom and the United States.

The post European authorities crack down on illegal streaming networks appeared first on CyberScoop.

Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa

Interpol coordinated an expansive investigation with 13 countries in the Middle East and North Africa to disrupt and take down cybercrime operations, including phishing services and tools, malware and scams. The law enforcement effort netted 201 arrests, led to the seizure of 53 servers and disrupted multiple cybercrime services, Interpol said Monday.

Operation Ramz, which the law enforcement organization said was the first large-scale effort of its kind in the region, also identified 382 suspects over a four-month period ending in February. The collective countermeasures allowed authorities to link the various malicious activities to nearly 4,000 victims.

“In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration,” Neal Jetton, Interpol’s director of cybercrime, said in a statement.

Police in Jordan tracked down a computer involved in financial fraud scams and, during a raid, found 15 people carrying out the scams who were later determined to be victims of human trafficking. The victims were recruited under false promises of employment from their home countries in Asia and had their passports confiscated upon arrival in Jordan, officials said. 

A pair of ringleaders behind the operation, who forced or coerced the victims to participate in the scheme, were arrested, according to Interpol. 

Law enforcement agencies in Algeria dismantled a phishing service by seizing a server and other devices linked to the operation. Moroccan authorities also seized multiple devices containing banking data and software for phishing operations.

Officials in Oman remediated a server containing sensitive information that had been infected with malware and compromised through unpatched vulnerabilities. Meanwhile, investigators in Qatar identified and secured multiple compromised devices that were being used, unbeknownst to their owners, to spread malicious threats.

Authorities involved in the months-long effort gathered almost 8,000 pieces of data that were shared among participating countries to support ongoing investigations.

Operation Ramz was supported by Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia and the United Arab Emirates. Multiple companies and organizations also helped Interpol track illegal cyber activities and identify malicious servers, including Group-IB, Kaspersky, the Shadowserver Foundation, Team Cymru and Trend Micro. 

“Interpol is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups and bring perpetrators to justice,” Jetton said.

The post Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa appeared first on CyberScoop.