Mitsui Bussan Secure Directions (MBSD) Joins Microsoft-Led Take Down of the “Amadey” and “StealC” Malware as the Only Participating Company from Japan
— Contributing to the Disruption of an Attack Infrastructure That Serves as a Launchpad for Infostealers and Ransomware —
The Cyber Intelligence Group (CIG) of Mitsui Bussan Secure Directions, Inc. (MBSD / Head Office: Chuo-ku, Tokyo; President and CEO: Daisen Suzuki) has become the only Japanese company to participate in an international joint project led by Microsoft to take down (disrupt) the infrastructure behind the “Amadey” and “StealC” malware.
“Amadey” is a loader-type (bot-type) malware that collects information from infected devices and pulls in additional malware, while “StealC” is an information-stealing malware (infostealer) that exfiltrates credentials and other data. Both have long been exploited worldwide as a starting point for data breaches and ransomware attacks.
Beyond being used as standalone attack tools, these malware families are also distributed as part of Malware-as-a-Service offerings that provide functionality and access to criminals, creating the risk that they are exploited in a wide range of cybercrimes.
This action was taken pursuant to a lawsuit that Microsoft filed in the U.S. District Court for the Southern District of Florida, and was carried out against globally deployed Malware-as-a-Service cybercrime infrastructure. The infrastructure in question is reported to have been abused for purposes including financial fraud, account compromise, unauthorized use of applications and services, and theft of confidential information.
The operation was carried out in cooperation with Microsoft, as well as law enforcement agencies including Europol EC3, Germany’s Federal Criminal Police Office, the Danish National Police, and the Dutch National Police, and private cybersecurity companies including ESET, BitSight, Lumen, IBM, and Proofpoint. MBSD participated in this effort as the only Japanese cybersecurity company. The response to StealC was conducted as part of Operation Endgame.
■ MBSD’s Role
MBSD’s CIG has continuously monitored Amadey’s C2 servers over a long period of approximately six and a half years. For this project, by drawing on the data and expertise we hold and by cooperating with Microsoft and other relevant agencies and companies, we helped bring the project to fruition. For a technical analysis of CIG’s long-term monitoring of Amadey’s C2 servers, please refer to this blog post.
■ The Significance of Taking Down Cybercrime Infrastructure
This action does more than prevent individual malware infections; it is a countermeasure aimed at the very infrastructure that cybercriminals depend on.
Because Malware-as-a-Service criminal infrastructure makes malware usable even by attackers with limited technical skill, it is a factor that accelerates the spread of cybercrime. Shutting down such infrastructure helps prevent harm before it occurs, raises the operational costs for criminals, and deters future attacks.
Through international public-private initiatives such as this one, MBSD will continue to contribute to deterring cybercrime that targets organizations and individuals both in Japan and overseas.
■ Comment from MBSD
Takashi Yoshikawa, Fellow at Mitsui Bussan Secure Directions, Inc. and the leader of CIG, said:
“Malware like Amadey and StealC is not merely a standalone threat; it has become an essential component that underpins the growing specialization and the rise of ready-made services in cybercrime. Countering the criminal infrastructure itself through international efforts like this one is critically important to prevent the damage from spreading. Going forward, MBSD will continue to contribute to strengthening cybersecurity across society through the investigation and analysis of threat intelligence.”
About Mitsui Bussan Secure Directions (MBSD)
MBSD was founded in 2001 as a company specializing in cybersecurity. It provides advanced security technology services and consulting services, including penetration testing / TLPT / red team exercises; a range of assessment services such as web application and network vulnerability assessments; malware analysis; and integrated log monitoring / Managed XDR services. The company is home to a large number of Japan’s most highly skilled security professionals.
About the Cyber Intelligence Group (CIG)
CIG is the specialized team within Mitsui Bussan Secure Directions (MBSD) responsible for malware analysis, investigating the real-world activities of ransomware groups, and the collection and analysis of threat intelligence. In addition to publishing information based on its own original research, it is also actively engaged in explaining threat trends through the media.
<Inquiries Regarding This Matter>
Mitsui Bussan Secure Directions, Inc.
Cyber Intelligence Group (CIG)
https://www.mbsd.jp/contact-list/