2024-11-07

Operation Magnus Seizes Key Servers, Halts Redline and Meta Infostealer Activities

Level: Strategic | Source: BleepingComputer, Operation Magnus & The Record
Global


In a collaborative international effort on October 28, 2024, the Dutch National Police, together with the FBI and other global law enforcement partners under "Operation Magnus," dismantled the network infrastructure supporting the Redline and Meta infostealer malware. As noted by the Operation Magnus website, “On the 28th of October 2024, the Dutch National Police, working in close cooperation with the FBI and other partners of the international law enforcement task force Operation Magnus, disrupted operation of the Redline and Meta infostealers. Involved parties will be notified, and legal actions are underway.” This operation marks a significant disruption of these pervasive infostealers, which have proven to be insidious threats. Both Redline and Meta have enabled threat actors to harvest sensitive information from victims, including passwords, credit card details, and other personal data, which is then sold on the dark web or used in further criminal activity. With access to the primary servers and source code of both malware strains, law enforcement agencies now have insights into the tools, infrastructure, and identities of operators tied to this illicit ecosystem.

The infrastructure seizure emphasizes the increasing success of coordinated, multi-agency cyber operations. Dutch authorities reportedly gained “full access to all Redline and Meta servers,” which include command-and-control panels, malware binaries, and Telegram bot channels used for malware distribution, as reported by The Record. A video published on the Operation Magnus website showcased administrator access to these panels and warned cybercriminals involved in these operations, stating, “Involved parties will be notified, and legal actions are underway.” In a strategic move to intimidate and deter further criminal activity, Dutch law enforcement has created accounts on hacker forums to notify cybercriminals that their activities are under surveillance, echoing similar tactics used following the 2022 RaidForums takedown, according to BleepingComputer.

The scope of the disruption is vast. Redline, launched in 2020, has been a primary tool for data theft, responsible for almost a billion stolen credentials since its inception. Meta, a newer Windows infostealer launched in 2022, is described by cybersecurity experts as an advanced version of Redline, with both malware strains seemingly sharing developers and infrastructure, according to insights gathered from the operation. This coordinated takedown not only restricts access to stolen data markets but also limits the tools available to cybercriminals for harvesting and selling personal and corporate information. While arrests and further legal proceedings are anticipated, this seizure has already delivered a substantial setback to cybercriminal operations that rely on these infostealers as an entry point for corporate breaches and cyberespionage campaigns.
