Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

Oct 29, 2024 | Ravie Lakshmanan | Cybercrime / Malware

The Netherlands Police, working with international partners, have announced the disruption of the infrastructure behind two information-stealing malware families, RedLine and MetaStealer.

The operation, occurring on October 28, 2024, is the outcome of a multinational law enforcement initiative named Operation Magnus, which engaged authorities from the U.S., the U.K., Belgium, Portugal, and Australia.


Eurojust said in a statement released today that the operation led to the takedown of three servers in the Netherlands and the seizure of two domains. In total, an estimated 1,200 servers across several countries were used to run the malware.

As part of the operation, one individual has been charged by U.S. authorities and two people were arrested by Belgian law enforcement, according to a statement from the Dutch police (Politie); one of the two has since been released, while the other remains in custody.

The U.S. Department of Justice (DoJ) has charged Maxim Rudometov, one of the developers and operators of RedLine Stealer, with access device fraud, conspiracy to commit computer intrusion, and money laundering. If convicted, he faces a maximum sentence of 35 years in prison.

“Rudometov routinely accessed and managed the RedLine Infostealer infrastructure, was linked to several cryptocurrency accounts utilized for receiving and laundering payments, and possessed the RedLine malware,” the DoJ said in a statement.

The investigation into the stealers' technical infrastructure began a year ago, after cybersecurity firm ESET provided intelligence indicating that the servers were located in the Netherlands.

The seized data included usernames, passwords, IP addresses, timestamps, registration dates, and the source code of both stealers. Several Telegram accounts tied to the malware have also been taken offline. Investigations into the stealers' customers are ongoing.

“The data thieves RedLine and MetaStealer were available to clients through these channels,” stated Dutch law enforcement officials. “Until recently, Telegram was a platform where criminals operated with a sense of impunity and anonymity. This operation has proved otherwise.”

It should be noted that the MetaStealer targeted as part of Operation Magnus differs from the MetaStealer malware known for targeting macOS devices.


Information stealers such as RedLine and MetaStealer play a central role in the cybercrime ecosystem: they let threat actors harvest credentials and other sensitive data that can then be sold to other criminals and used in follow-on attacks such as ransomware.

Stealers are typically distributed under a malware-as-a-service (MaaS) model, in which the core developers rent access to the tool to other cybercriminals, either on a subscription basis or as a lifetime license.
