The US has brought charges against Maxim Rudometov, suspected of developing and administering one of the most famous malware programs of recent years — RedLine.
The malware was actively used in the cybercriminal environment to steal credentials, financial information, and bypass two-factor authentication. RedLine was sold by subscription and became one of the most successful infostealers on the black market.
The charges were brought as part of the international operation Operation Magnus, aimed at suppressing the activities of MaaS programs RedLine and Meta. As a result of the investigation, law enforcement agencies gained access to the data of victims whose devices were infected with RedLine and Meta. Many unique accounts, email addresses, bank account data, cryptocurrency wallet numbers, and credit card numbers were identified. The investigation is ongoing, and the exact amount of data stolen is still unknown.
According to the US Department of Justice, evidence has been collected of Rudometov's direct participation in the creation and management of RedLine. The suspect managed the malware infrastructure, owned cryptocurrency accounts where funds from RedLine operations were received and laundered, and stored copies of the malware.
Rudometov has been charged with access device fraud, conspiracy to hack computer systems, and money laundering. The maximum sentence for each count is 10, 5, and 20 years in prison, respectively. If convicted on all counts, Rudometov could face up to 35 years in prison. However, there is currently no information about Rudometov's arrest.
As part of the operation, 3 servers in the Netherlands and 2 domains through which the RedLine and Meta platforms were managed were seized. 2 people were also detained in Belgium, one of whom turned out to be a client of the malicious platform.
Information about the server network was also obtained. As a result, an extensive network of more than 1,200 servers in different countries, interacting with central servers in the Netherlands, was discovered. In addition, the RedLine and Meta Telegram channels used to sell the malware were blocked, temporarily disrupting the distribution of the infostealers.
However, if the accused remains at large, the threat of the RedLine infrastructure being recreated and operations resuming remains.
Source: "U.S. Joins International Action Against RedLine and META Infostealers" (www.justice.gov): In a joint disruption effort with EuroJust and other partners, the DOJ unsealed a warrant issued in the Western District of Texas that authorized law enforcement to seize two domains used by RedLine and META for command and control, along with a complaint charging Maxim Rudometov, one of the...