The US Department of Justice, in collaboration with international law enforcement partners, has launched a major crackdown on RedLine and META, two of the world’s most prolific infostealer malware variants responsible for stealing sensitive data from millions of victims worldwide.
In partnership with the Netherlands, Belgium, Eurojust, and other global agencies, the Department of Justice announced an extensive international operation aimed at dismantling the infrastructure supporting RedLine and META infostealers. This joint effort, coordinated through Europol’s Joint Cybercrime Action Taskforce (JCAT) and dubbed “Operation Magnus,” involved the seizure of domains, servers, and Telegram accounts utilized by the malware operators.
Infostealers like RedLine and META are a real threat. They enable bad actors to harvest critical information from infected computers, including usernames, passwords, financial data, system information, and cryptocurrency credentials. This stolen data—often sold on underground forums and used in other cyberattacks—allows malefactors to bypass multi-factor authentication (MFA) protections by stealing authentication cookies and other system data.
RedLine and META operate as Malware-as-a-Service (MaaS), where affiliates buy access to the malware and deploy it in a variety of ways, including malvertising, phishing, and deceptive software downloads. These tactics have led to millions of compromised devices globally, making RedLine one of the most notorious malware variants to date.
Investigative efforts have allowed law enforcement to retrieve substantial data stolen through these malicious tools, though officials believe the full scope of compromised information is still under investigation. In the US, law enforcement seized two domains used for the malware’s command and control operations, targeting the networks behind the infostealers.
The Justice Department also unsealed charges against Maxim Rudometov, who was identified as a developer and administrator for RedLine Infostealer. Rudometov, who allegedly maintained the malware’s infrastructure and managed related cryptocurrency accounts, faces charges of access device fraud, conspiracy to commit computer intrusion and money laundering. If convicted, he could face up to 35 years in prison.
The FBI’s Austin Cyber Task Force is investigating the case in partnership with agencies, including the Naval Criminal Investigative Service, IRS Criminal Investigation, Defense Criminal Investigative Service, and Army Criminal Investigation Division.
Operation Magnus reflects the ongoing commitment of international law enforcement to combat sophisticated cyber threats. Authorities have established a public resource site at www.operation-magnus.com to provide additional information for potential victims and the general public.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.