The Dutch National Police, together with international partners, announced the disruption of the infrastructure behind two information stealers tracked as RedLine and MetaStealer.
The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus with the participation of the authorities of the USA, Great Britain, Belgium, Portugal and Australia.
Eurojust, in a statement published today, said the operation resulted in the shutdown of three servers in the Netherlands and the seizure of two domains. In total, more than 1,200 servers in dozens of countries are estimated to have been used to run the malware.
As part of the effort, US authorities charged one administrator and Belgian police arrested two people, Politie said, adding that one of them has already been released and the other remains in custody.
The US Department of Justice (DoJ) charged Maksim Rudametov, one of the developers and administrators of RedLine Stealer, with access device fraud, computer hacking conspiracy and money laundering. If convicted, he faces a maximum sentence of 35 years in prison.
“Rudametov regularly accessed and operated RedLine Infostealer’s infrastructure, was linked to various cryptocurrency accounts used to receive and launder payments, and possessed RedLine malware,” the Department of Justice said.
The investigation into the technical infrastructure of the information stealers began a year ago, based on a report by the cyber security company ESET that the servers were located in the Netherlands.
Among the data seized were usernames, passwords, IP addresses, timestamps, registration dates and the source code of both malware families. In tandem, several Telegram accounts linked to the stealer malware were disabled. Further investigation of their customers is ongoing.
“The RedLine and MetaStealer infostealers were offered to customers through these groups,” Dutch law enforcement said. “Until recently, Telegram was a service where criminals felt untouchable and anonymous. This action showed that this is no longer the case.”
It should be noted that the MetaStealer targeted in Operation Magnus is distinct from the MetaStealer malware known to target macOS devices.
Information stealers like RedLine and MetaStealer are crucial cogs in the cybercrime ecosystem, enabling threat actors to siphon credentials and other sensitive information that can then be sold to other threat actors for follow-on attacks such as ransomware.
Stealers are typically distributed via a malware-as-a-service (MaaS) model, meaning that the underlying developers rent access to the tools to other cybercriminals on a subscription or lifetime-license basis.