In a landmark victory against cybercrime, an international coalition of law enforcement agencies has successfully disrupted the infrastructure of two major infostealers, RedLine and Meta. Codenamed “Operation Magnus,” this coordinated effort has dealt a significant blow to global cybercriminal networks, showcasing the power of international cooperation in combating digital threats.
The Scope of the Threat: Millions of Victims Worldwide
According to Eurojust, RedLine and Meta represented one of the most extensive malicious platforms, targeting millions of users globally. These infostealers were designed to extract a wide range of personal data, including login credentials, cryptocurrency wallet information, cookies, email addresses, and phone numbers. The stolen data was subsequently sold to other cybercriminals, fueling further financial fraud and cyberattacks.
Evolution of the Threat: From RedLine to Meta
RedLine, a .NET-based infostealer, emerged in the cybercrime market in 2020, operating on a malware-as-a-service model. Over 20 Russian-speaking hacker groups distributed this malware through underground forums and Telegram channels. In 2022, Meta (also known as MetaStealer) appeared as an advanced version of RedLine, boasting even more dangerous capabilities.
The primary distribution methods for these infostealers included phishing emails, malvertising, and disguising as legitimate software. According to Recorded Future, in 2024 alone, RedLine and Meta collectively stole an astounding 227 million unique email-password pairs, underscoring the magnitude of the threat.
Operation Magnus: International Collaboration in Action
Operation Magnus was the result of joint efforts by Europol, Eurojust, and law enforcement agencies from the Netherlands, USA, UK, Belgium, Portugal, and Australia. Cybersecurity experts from ESET provided significant support. The operation achieved several crucial outcomes:
- Shutdown of three key RedLine and Meta servers
- Seizure of two domains linked to the infostealers’ infrastructure
- Arrest of two suspects
- Collection of information on over 1,200 servers used by the malware
- Access to the stealers’ customer database
- Seizure of source code, including license servers, REST API services, and stealer binaries
- Access to Telegram accounts associated with both malware strains
Implications of the Operation: The End of Anonymity for Cybercriminals
Following the successful operation, law enforcement agencies launched an active campaign to inform cybercriminals that their anonymity is no longer guaranteed. Dutch police posted warning messages on hacking forums and sent personal notifications to suspects. This continues the tactics previously used after the dismantling of the Emotet botnet in 2021 and the closure of the RaidForums hacking resource in 2023.
Legal Consequences: Charges Against the Alleged Developer
As part of Operation Magnus, U.S. authorities have brought charges against Russian citizen Maxim Rudometov, believed to be the developer of RedLine. He faces accusations of access device fraud, conspiracy to commit computer hacking, and money laundering. If convicted, Rudometov could face up to 35 years in prison.
Operation Magnus demonstrates the effectiveness of international cooperation in combating cybercrime. However, despite this success, users are advised to remain vigilant and regularly check the security of their credentials. ESET has released a free tool to check for potential leaks related to RedLine and Meta, emphasizing the importance of constant vigilance in cybersecurity matters. This operation serves as a reminder that while law enforcement continues to make strides against cybercrime, individual users play a crucial role in maintaining their digital safety.