Police from several countries, including the Netherlands, the United Kingdom, Belgium and the United States, participated in an international police operation, according to press releases published on Tuesday, October 29. Called Magnus, it targeted Redline and META, two major cybercrime players.
Both are what we call “infostealers”: malware designed to steal, from an infected computer, all the information that could be used for other criminal activities. Passwords and email addresses, session cookies, bank details… This software searches the victim’s browser, as well as other programs, for anything that could allow an attacker to log in to a mailbox, a social network account, a banking portal or even a corporate network.
The two “thieves” targeted by this operation were important players in this ecosystem. In 2024, they enabled the theft of more than 227 million passwords, according to Dmitry Smilyanets, an expert at the cybersecurity company Recorded Future. The authorities that took part in the operation say that the infrastructure of these groups was shut down through the seizure of three servers in the Netherlands and two domain names. According to the Dutch police, several Telegram channels used by these groups to communicate with their clients were also seized.
A suspect charged
In a press release, the US justice system announced, for its part, the identification and charging of Maxim Rudometov, suspected of being one of the administrators of Redline. “Rudometov regularly accessed and managed the infrastructure of information thief Redline, and was associated with several cryptocurrency wallets used to receive and launder online payments with Redline,” explains the Texas prosecutor’s office in the document. Having appeared in 2020 and first gained popularity on cybercriminal discussion forums, the software has earned an important place in the cybercriminal landscape.
In a video released Monday as part of Operation Magnus, authorities also claim to have obtained customer databases from Redline and META. They also say they are continuing the investigation to identify the hackers who used this software to steal personal information. “The video sends a strong message to criminals that an international coalition managed to obtain crucial data on their network,” says Eurojust, the judicial cooperation unit of the European Union, in a press release. In Belgium, two people suspected of being clients were arrested: one of them was released and the other is to appear before a judge.
“Thieves” have become, in just a few years, a major threat to cybersecurity, and further proof that the barrier to entry into cybercrime keeps getting lower. Sold on certain forums or on Telegram, these malware programs can cost their users as little as about one hundred euros per month. Passwords stolen by these customers are often resold in bulk online. Victims can be targeted through phishing campaigns, malicious ads, or even “cracks,” files presented as pirated versions of games and software. The stolen access can then be used by other parts of the cybercrime ecosystem: hackers specializing in ransomware, for example, can purchase passwords that allow them to connect to corporate networks or employee email inboxes.