Dutch Police Disrupt Major Information Stealers RedLine and MetaStealer in Operation Magnus
The Dutch National Police, together with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer.
The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and Australia.
Eurojust, in a statement published today, said the operation led to the shutdown of three servers in the Netherlands and the seizure of two domains. In total, over 1,200 servers in dozens of countries are estimated to have been used to run the malware.
As part of the effort, one administrator has been charged by U.S. authorities and two people have been arrested by the Belgian police, the Politie said, adding that one of them has since been released, while the other remains in custody.
The U.S. Department of Justice (DoJ) has charged Maxim Rudometov, one of the RedLine Stealer's developers and administrators, with access device fraud, conspiracy to commit computer intrusion, and money laundering. If convicted, he faces a maximum penalty of 35 years in prison.
“Rudometov regularly accessed and managed the infrastructure of RedLine Infostealer, was associated with various cryptocurrency accounts used to receive and launder funds and was in possession of RedLine malware,” the DoJ said.
The investigation into the technical infrastructure of the information stealers began a year ago based on a tip from cybersecurity company ESET that the servers were located in the Netherlands.
Among the data seized were usernames, passwords, IP addresses, timestamps, registration dates, and the source code of both stealer malware families. In tandem, several Telegram accounts associated with the stealer malware have been taken offline. Further investigation into their customers is ongoing.
“The infostealers RedLine and MetaStealer were offered to customers via these groups,” Dutch law enforcement officials said. “Until recently, Telegram was a service where criminals felt untouchable and anonymous. This action has shown that this is no longer the case.”
It is worth noting that the MetaStealer targeted as part of Operation Magnus is different from the MetaStealer malware that is known to target macOS devices.
Information stealers such as RedLine and MetaStealer are critical cogs in the cybercrime wheel, allowing threat actors to siphon credentials and other sensitive information that can then be sold to other threat actors for follow-on attacks like ransomware.
Stealers are typically distributed under a malware-as-a-service (MaaS) model, meaning the core developers rent access to the tools to other cybercriminals either on a subscription basis or for a lifetime license.