The Dutch National Police claimed on Monday that they had secured "full access" to all servers employed by the Redline and Meta infostealers, two of the most common cybercrime tools on the internet.
Infostealer malware is a major cybersecurity issue that is frequently sold as a malware-as-a-service tool. It infects users' devices and harvests information such as credit card numbers and autofill password data.
Cybercriminals who use the infostealer then bundle the information into logs, which are sold on credential marketplaces to fraudsters and other criminals looking to breach any organisations whose login information has been compromised.
Earlier this week on Monday, the Dutch National Police, in collaboration with the FBI and other partner agencies in the United States, Australia, and the United Kingdom, announced the disruption of these two infostealers on a website for "Operation Magnus," which includes a timer promising "more news" counting down to noon on Tuesday, Dutch local time.
A video on the site that mimics the criminals' own marketing claims that the police have supplied a "final update" for both the Redline and Meta infostealer strains, adding that the multinational operation "gained full access to all Redline and Meta servers." The video shows the depth of this access, including many administrator panels, the malware source code, and what appears to be a large number of usernames for people who use the malware-as-a-service tool.
“Involved parties will be notified, and legal actions are underway,” reads the site, while the video adds, alongside a graphic of cuffed hands: “Thank you for installing this update. We’re looking forward to seeing you soon.”
Cybercriminals find ways
In conjunction with the disruption operations, the US Justice Department unsealed charges against Maxim Rudometov, one of RedLine's developers and administrators.
According to the Attorney's Office for the Western District of Texas, Rudometov may face a maximum sentence of 35 years if convicted of access device fraud, conspiracy to commit computer intrusion, and money laundering.
This follows a series of operations by law enforcement agencies aimed at disrupting the activities of high-profile cybercrime groups around the world.
In December 2023, US officials seized the leak site of ALPHV/BlackCat, one of the most prolific ransomware collectives in recent years, in what was regarded as a severe blow to the outfit.
