Saturday, November 23, 2024

Dutch Police Bring Down RedLine and Meta Malware Threats

In a significant blow to cybercrime, Dutch-led law enforcement agencies have taken out the RedLine and Meta infostealer malware that affected millions globally. This action, dubbed Operation Magnus, involved cooperation from agencies in Australia, Europe, the UK, and the US.

The operation resulted in the seizure of three servers in the Netherlands, the shutdown of two malicious websites, and two arrests in Belgium. On top of that, US authorities have charged Maxim Rudometov, alleged developer of RedLine, with device access fraud, conspiracy to commit computer intrusion, and money laundering.

RedLine and Meta malware have been notorious for stealing personal information, including usernames, passwords, cryptocurrency data, and cookies. This data ends up on the dark web, where it fuels further theft and cyber attacks. Paul Foster, deputy director of the National Cyber Crime Unit, pointed out how these ‘as-a-service’ models make it easy for less skilled criminals to wreak havoc. He emphasized that tackling this issue requires international collaboration to dismantle the infrastructure supporting these cybercriminals.

The Joint Cybercrime Action Taskforce and Eurojust have backed this operation following a comprehensive investigation. Victims reported their experiences, and investigators from Eset alerted Dutch authorities about the malware’s command-and-control servers located in the Netherlands. Operation Magnus has also uncovered a database of clients linked to RedLine and Meta, which could aid further investigations.

For those who suspect they’ve been targeted by these infostealers, resources are available on the Operation Magnus microsite, which features a detection tool from Eset.

Vlad Mironescu, an analyst from Searchlight Cyber, noted that infostealer malware is a favorite among cybercriminals, allowing them to harvest sensitive data from infected machines. This stolen information frequently gets sold on dark web forums. While RedLine and Meta were significant threats, countless other infostealers still exist, meaning operations like this, while impactful, won’t eliminate the threat entirely. However, taking down these specific malware strains and their developers could have a lasting effect.

The microsite even includes a video that taunts the infostealer operatives and hints at more information to come. Mironescu highlighted that these tactics are increasingly common in law enforcement’s strategy to undermine cybercriminals’ standings within their communities. He pointed out that an account seemingly linked to Operation Magnus even joined a notorious dark web hacking forum to share the video.

This approach, combining direct action with reputational damage, sends a clear message: cybercriminals are not beyond the reach of law enforcement.