OPERATION Endgame, led by Europol on June 24, 2026, disrupted the SocGholish malware network and two associated groups, Amadey and StealC. This extensive operation targeted 326 servers and 142 domains, recovering approximately EUR 41 million in flagged cryptocurrency and 27 million stolen credentials. The SocGholish malware, linked to the Russian hacker group Evil Corp, has been used to access systems for ransomware activities since 2018.
The operation highlighted the cybercrime-as-a-service model, where affiliates utilized tools for infiltration and theft. Authorities advise affected WordPress site owners to change passwords and enhance security measures. The ongoing situation suggests that cybercriminals may quickly adapt and continue their operations.