Microsoft and BKA Take Down Over 200 Hacker Servers

Cybercriminals are facing increasing pressure from international law enforcement agencies. In a large-scale joint operation, Microsoft, Germany's Federal Criminal Police Office (BKA), Europol, and other international partners achieved a major success in the fight against organized cybercrime. More than 200 servers used to coordinate cyberattacks around the world were taken offline.

Microsoft and Law Enforcement Dismantle Key Hacker Infrastructure

A coordinated international operation has dealt a significant blow to organized cybercrime. Working alongside Germany's Federal Criminal Police Office (BKA), Europol, and several international law enforcement agencies, Microsoft successfully disrupted more than 200 command-and-control (C2) servers. These servers acted as central hubs that allowed cybercriminals to remotely control infected computers and distribute malware across the globe.

By taking down this infrastructure, investigators cut off the attackers' control over more than 18,000 identified infected devices. Cybersecurity experts describe the operation as one of the most significant international successes against professional hacking groups in recent years.

Amadey and StealC Malware Targeted

The investigation focused primarily on two well-known malware families: Amadey and StealC, both widely used by cybercriminal organizations.

Each malware strain plays a different role during an attack:

  • Amadey functions as a malware loader, providing attackers with initial access to compromised systems.
  • StealC is then deployed to steal passwords, login credentials, browser cookies, cryptocurrency wallet data, and other sensitive information from infected devices.

Security researchers estimate that the two malware families were involved in more than 140,000 infections during a single analysis period in May 2024. The United States and Germany were among the countries most heavily affected. The stolen information is often sold on dark web marketplaces or used to launch additional cyberattacks.

Artificial Intelligence Accelerated the Investigation

One of the most notable aspects of the operation was Microsoft's use of artificial intelligence.

AI-powered analysis enabled security experts to examine complex malware code within minutes—a process that previously required several days of manual investigation.

The technology also revealed that multiple cybercriminal groups were sharing the same infrastructure. This insight allowed investigators to identify links between different threat actors and coordinate a more effective takedown of their command-and-control servers.

RICO Law Helped Target the Entire Criminal Network

Another important element of the operation was the application of the U.S. Racketeer Influenced and Corrupt Organizations (RICO) Act.

Originally designed to combat organized crime, the law allows authorities to pursue entire criminal organizations instead of focusing solely on individual offenders. This legal framework enabled Microsoft and its law enforcement partners to target the broader cybercriminal network and dismantle the infrastructure supporting multiple hacking groups.

International Cooperation Was the Key to Success

The success of the operation was made possible through close cooperation between Microsoft, Europol, Germany's BKA, and several additional law enforcement agencies across Europe and the United States.

Microsoft provided advanced technical expertise and malware analysis, while Europol's European Cybercrime Centre (EC3) coordinated the international investigation. Germany's BKA supported the identification and seizure of servers and worked closely with partner agencies throughout Europe. The operation is closely linked to the broader international initiative known as Operation Endgame, which focuses on disrupting major botnet infrastructures.

What This Means for Businesses and Individuals

Although shutting down more than 200 hacker-controlled servers significantly weakens cybercriminal operations, cybersecurity experts caution that the threat has not disappeared. Criminal groups often rebuild their infrastructure quickly or migrate to new servers and malware platforms.

Organizations and individual users should therefore continue to prioritize cybersecurity by installing security updates promptly, using reputable antivirus software, enabling multi-factor authentication (MFA), and remaining cautious when opening emails, clicking links, or downloading files from unknown sources.

Conclusion

The joint operation carried out by Microsoft, Germany's Federal Criminal Police Office (BKA), Europol, and other international partners demonstrates how effective collaboration between technology companies and law enforcement agencies can be in combating cybercrime.

By taking down more than 200 command-and-control servers and disrupting access to approximately 18,000 infected devices, investigators significantly weakened the infrastructure of multiple dangerous cybercriminal groups.

The operation also highlights the growing role of artificial intelligence in modern cybersecurity investigations. While cybercriminals continue to evolve their tactics, this successful international effort shows that law enforcement and the private sector are becoming increasingly capable of responding to sophisticated digital threats.

