International law enforcement disrupts operations of two of the most widely used infostealer malware around the globe – RedLine and Meta.
According to a notice put on the official website where the first details of the takedown appeared, the action was a coordinated effort led by the Dutch Police authorities and supported by the FBI and other partners of the international law enforcement including the United Kingdom, Australia, Portugal and more.
“Operation Magnus, disrupted operation of the Redline and Meta infostealers. Involved parties will be notified, and legal actions are underway,” the notice said.
Along with the notice, the law enforcement agencies included a 50-second video, which stated that they “gained full access to RedLine and Meta [stealers] servers.”
What’s Likely Taken Down in Operation Magnus
The video further claimed the two infostealers are pretty much the same and that the version now dismantled gave unique insights in the customers who used this malware-as-a-service offering on the dark web. This includes username, passwords, IP, addresses, timestamps, registration date, etc. of all those who have registered and taken services from this MaaS service provider.
The law enforcement was also likely able to hack into the main frame infrastructure including the licensed servers, REST-API servers, stealers and even Telegram bots that were used by the gang to operate their network over social networking and messaging channels.
Apart from this, a scroll of usernames, which the authorities called as “VIP clients” was also shown but it is not clear if they have been arrested or were indicted. As per the timer set on the official website, more details will be revealed in a day’s time. A joint statement is expected.
The manner of setting up a website and revealing details in this case is similar to “Operation Endgame,” again a major international law enforcement operation, which disrupted a large-scale botnet infrastructure, targeting notorious malware droppers like IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and TrickBot.
Mihir Bagwe
Bagwe has nearly half a decade of experience in reporting on the latest cybersecurity news and trends, and interviewing cybersecurity subject matter experts. He has previously worked with ISMG and CISO MAG, publications focussed on addressing the cybersecurity needs of the C-Suite, particularly the CISO and CIO communities.