
Meta Infostealer Malware Network Taken Down by Authorities



In the course of Operation Magnus, the FBI partnered with various international law enforcement agencies to seize the servers, software, and source code of the RedLine and Meta infostealers as part of an investigation into these two cyber-crime operations. RedLine's developer has been charged with a series of crimes by US authorities, including tax evasion and money laundering.

Evidence suggests that the infostealers allegedly stole millions of unique credentials from victims across the globe in the past year. Several international agencies were involved in the October action, including the US Department of Justice (DoJ) and the Intelligence Bureau, as well as the Dutch National Police, the Belgian Federal Police, the Belgium Federal Prosecutor's Office, the UK National Crime Agency, the Australian Federal Police, the Portuguese Federal Police, and Eurojust.

According to authorities, the action disrupted the cybercriminal group responsible for the stealers; the operation's website describes RedLine and Meta as "pretty much the same" malware. Both stealers were able to harvest personal information from infected devices. It is important to note that the collected data included saved usernames and passwords and automatically saved form data, such as addresses, email addresses, phone numbers, cryptocurrency wallets, and cookies.

Once the infostealers had harvested the personal information, the operators sold it to other criminals through criminal marketplaces. The criminals who purchased the data used it to steal money and cryptocurrency and to carry out follow-on hacking activities. According to the Dutch National Police, the RedLine and Meta malware operations were targeted as part of Operation Magnus, which serves as a warning to cybercriminals that their data is now in the hands of law enforcement officials. The disruption of the RedLine and Meta operations was announced on a dedicated Operation Magnus website. In addition, it was reported that legal action is currently being taken against the hacker organizations using the seized data.

According to a brief announcement posted on the Operation Magnus site, on October 28th, 2024, the Dutch National Police, in coordination with the FBI and other members of the international law enforcement task force Operation Magnus, disrupted the operations of the RedLine and Meta infostealers. Infostealers are a very common form of malware used to steal sensitive data from victims' computers, such as usernames and passwords, financial information, system information, and even cookies and cryptocurrency accounts.

The stolen information, known as "logs" in cybercrime circles, is sold on cybercrime forums and used for further fraud and other attacks. A number of major corporations have been targeted using RedLine as a method to conduct intrusions. Cybercriminals have also discovered that RedLine and META infostealers can allow them to bypass multi-factor authentication (MFA) by stealing authentication cookies and other session data, so that the MFA check is never triggered. Both RedLine and META are sold via a decentralized Malware-as-a-Service ("MaaS") model, in which affiliates purchase licenses to use the malware and then launch their own campaigns to spread it to their intended targets.

The malware is distributed through malvertising, e-mail phishing, fraudulent software downloads, and malicious software sideloading. Law enforcement agencies have successfully dismantled operations associated with RedLine and META, two widespread malware variants involved in stealing sensitive information on a global scale. Deceptive schemes, such as fake COVID-19 updates and fraudulent Windows updates, were used to lure victims into downloading these malicious programs. Both RedLine and META have been advertised across cybercrime forums and Telegram channels, with sellers offering ongoing customer support and software updates.

The malware has infected millions of computers worldwide, and RedLine is considered one of the most prevalent malware types in circulation. Through a detailed investigation, authorities have gathered extensive logs containing data stolen from infected devices, identifying millions of unique credentials, including usernames, passwords, email addresses, bank accounts, cryptocurrency addresses, and credit card numbers. However, investigators believe there may be additional stolen data yet to be uncovered. 

A warrant issued in the Western District of Texas has authorized law enforcement to seize two domains used by RedLine and META for command and control purposes. The U.S. Department of Justice unsealed this warrant, marking a significant step in disrupting the malware’s infrastructure. According to Recorded Future’s Identity Intelligence metrics, RedLine has enabled the theft of nearly a billion credentials since its inception. A joint report from Specops and KrakenLabs further estimates that RedLine facilitated the theft of over 170 million passwords in just six months. 

These stolen credentials are frequently sold to other cybercriminals, who exploit them to infiltrate corporate networks as part of larger cyberattack operations. The misuse of compromised credentials has contributed to several high-profile breaches, including the Snowflake data theft attacks and the Change Healthcare ransomware attack, which severely impacted the U.S. healthcare system. The investigation is ongoing as authorities work to recover stolen data and prevent further damage caused by this malware.