IntelEye


Cybersecurity

Samuel E

November 12, 2024

Operation Magnus: Taking Down Redline and META Infostealers

On October 28, 2024, the Dutch National Police, in collaboration with the FBI and other international partners under Operation Magnus, successfully disrupted the operations of the notorious Redline and META infostealers. This multinational effort marks a significant achievement in the fight against cybercrime, especially in the area of information-stealing malware.

Understanding Infostealers and Their Impact

Infostealers are a class of malicious software that harvests sensitive information from infected devices, including login credentials, personal data, and financial details, and that can be used to bypass multi-factor authentication (MFA). Commonly spread through phishing campaigns, malicious websites, and compromised downloads, infostealers operate silently, gathering data in the background and transmitting it to attackers.

Infostealers are highly effective tools for cybercriminals, providing quick access to a large volume of sensitive data. This data, often referred to as "logs," is sold on hacking forums, dark web marketplaces, or Telegram channels, where it fuels further cybercriminal activity.

[Image: Redline "logs" shared on a private Telegram group]

Impact of Redline and META

In 2024 alone, Redline and META accounted for over 64% of all devices infected by infostealers. Together, these malware strains have stolen more than 451 million unique credentials, significantly contributing to data breaches and financial losses worldwide.

Operation Magnus: The Law Enforcement Response

Operation Magnus was spearheaded by the Dutch Police with assistance from the U.S. Department of Justice, Eurojust, and the FBI, and with additional support from agencies in Australia and the United Kingdom. This collaboration resulted in the dismantling of key infrastructure used by Redline and META, effectively curtailing their operational capabilities.

In the United States, authorities have charged Maxim Rudometov, a Russian national from Krasnodar, believed to be the developer and administrator of Redline. The criminal complaint against Rudometov, originally filed two years ago, was publicly revealed on October 29. Evidence suggests that Rudometov frequently accessed and managed Redline's infrastructure, controlled cryptocurrency accounts linked to payments and money laundering, and was in possession of Redline malware.

Charges Filed

Maxim Rudometov faces charges under several U.S. statutes:

  • Access Device Fraud, in violation of 18 U.S.C. § 1029
  • Conspiracy to Commit Computer Intrusion, in violation of 18 U.S.C. §§ 1030 and 371
  • Money Laundering, in violation of 18 U.S.C. § 1956

If convicted on all counts, he faces a total of 35 years in prison.

[Image: Criminal Complaint, USA v. Maxim Rudometov (Redline) | 03-11-2022]