The RedLine and Meta infostealer malwares, which have victimised hundreds of thousands of individuals worldwide, have been taken down in a Dutch-led international law enforcement action uniting agencies from Australia, Europe, the UK and the US.
Operation Magnus, which was supported by the National Crime Agency (NCA), saw three servers seized in the Netherlands, two malicious web domains shut down and two arrests made in Belgium.
Moreover, the US authorities have unsealed charges against alleged RedLine developer and admin, Maxim Rudometov, accusing him of access device fraud, conspiracy to commit computer intrusion and money laundering.
The two related malwares were used to steal personal data, including usernames and passwords, financial information including cryptocurrency data, and system data including cookies from infected devices. This was subsequently sold on to other malicious actors via dark web markets, where it was used for theft and to carry out follow-on cyber attacks.
NCA National Cyber Crime Unit head, deputy director Paul Foster, said: “Redline and other ‘as-a-service’ models provide an all-inclusive and easily accessible way for less technically skilled cyber criminals to cause serious harm to victims all over the world.
“These services are supported by a criminal ecosystem comprising a range of tools, infrastructure, financial services, marketplaces and forums,” he said.
“International collaboration such as this is key to identifying and taking out the various elements of this ecosystem and ultimately making it harder for cyber criminals to operate.”
The Joint Cybercrime Action Taskforce (JCAT) and Eurojust-supported action is the result of a lengthy investigation that began when a number of victims came forward, and researchers at Eset notified the Dutch authorities that the malwares’ command-and-control (C2) server infrastructure appeared to be located in the Netherlands.
Operation Magnus has also resulted in the discovery and seizure of a database of RedLine and Meta “clients” that is to be used against them. Computer Weekly understands the NCA is in possession of relevant data and is scoping out opportunities to bring more cyber criminals to justice.
Those concerned they may have fallen victim to either the RedLine or Meta infostealers can visit the Operation Magnus microsite, where they can access a detection and scanning tool developed by Eset.
Searchlight Cyber threat intel analyst Vlad Mironescu said: “Infostealer malware is an incredibly popular tool for cyber criminals, which works by infecting machines and harvesting sensitive information and credentials. We routinely observe this data being sold in bulk on dark web forums and marketplaces, as well as the sale and development of infostealer strains among the cyber criminal community.
“RedLine and Meta were popular strains but unfortunately there are many more out there, so from a practical perspective this won’t stop cyber criminals getting their hands on infostealers. However, in the case of this operation, the symbolic significance of taking out these malware strains and some of the individuals behind them could have a longer-lasting impact.”
Trolls
The microsite also includes a short video taunting those involved with the infostealer and trailing the release of more information, reminiscent of tactics taken by those involved in the Operation Cronos action against the LockBit ransomware crew earlier in 2024.
Mironescu observed that the use of such techniques against cyber criminals was becoming increasingly common as a means of isolating them from their peers and destroying their reputations.
“In this case, we have even observed an account that appears to be run by Operation Magnus joining the notorious dark web hacking forum XSS to share the video,” he said. “These types of law enforcement operations are using new techniques to discredit the cyber criminals, alongside more ‘traditional’ law enforcement techniques of seizing their infrastructure.
“Operation Magnus, like Operation Cronos before it, sends a strong message to cyber criminals: you are not operating beyond the reach of law enforcement,” said Mironescu.