A joint law enforcement operation dubbed ‘Operation Magnus’ involving authorities from the Netherlands, the US, the UK, Belgium, Portugal, and Australia, as well as Europol and Eurojust, has taken down the infrastructure of the infamous RedLine and Meta data-stealing malware families.
Active since 2020, RedLine is a well-known info-stealer linked to several high-profile cyber incidents, including the 2022 Uber hack. Meta is a newer but similarly designed info-stealer. Both tools are able to exfiltrate user credentials, including usernames, passwords, email addresses, bank accounts, cryptocurrency wallet information, and credit card numbers.
The Dutch National Police said that they had gained “full access” to the servers used by RedLine and Meta. As part of the operation, Dutch authorities took down three servers within the Netherlands and seized two domains linked to the info-stealers. In Belgium, two suspects were taken into custody. Investigators uncovered over 1,200 servers across dozens of countries that were operating either the RedLine or Meta info-stealers.
Law enforcement also recovered a database containing the identities of RedLine and Meta’s clients.
Simultaneously, the US authorities unsealed charges against Maxim Rudometov, who is believed to be a primary developer and administrator of the RedLine info-stealer. The complaint alleges that Rudometov regularly accessed and managed the RedLine infrastructure and used cryptocurrency accounts to receive and launder payments derived from the malware’s deployment. He now faces multiple charges, including access device fraud, conspiracy to commit computer intrusion, and money laundering. If convicted, Rudometov could serve up to 35 years in prison.