StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them
Microsoft DCU takes down StealC and Amadey infostealer infrastructure domains.
Summary
Microsoft's Digital Crimes Unit coordinated the takedown and blocking of infrastructure domains supporting StealC and Amadey infostealers on June 24, 2026. The action targeted the backbone of these cybercrime-as-a-service operations that deliver malware to victims. Microsoft published a technical analysis breaking down the capabilities and distribution mechanisms of both infostealers.
Full text
May 28 | 24 min read
The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propagation module to deploy itself across an entire network using a series of simultaneous lateral movement techniques per target.
Indicators of Compromise
- malware — StealC
- malware — Amadey
- malware — The Gentlemen