Russian national charged by US with creating RedLine data-stealing malware

The United States today announced charges against Russian citizen Maxim Rudometov, the suspected developer and administrator of the RedLine malware operation, one of the most prolific information stealers of the last few years.

Marketed to cybercriminals and sold by subscription, the infostealer lets attackers steal credentials and financial data and bypass multi-factor authentication.

Rudometov’s name appeared in an update on ‘Operation Magnus’, the international law enforcement operation announced yesterday that disrupted the RedLine and META malware-as-a-service (MaaS) platforms.

In that operation, Dutch police worked with international partners, including the FBI, the US Department of Justice and Eurojust, to bring about an unprecedented disruption of two highly effective MaaS operations that stole millions of account credentials.

The US Department of Justice announced today that charges were brought against Maxim Rudometov based on evidence that he was directly involved in the creation of RedLine and the management of its operations.

“Rudometov regularly accessed and manipulated RedLine Infostealer’s infrastructure, was associated with various cryptocurrency accounts used to receive and launder payments, and possessed the RedLine malware,” the Justice Department’s announcement states.

Rudometov faces the following charges for his role in and leadership of the RedLine infostealer operation:

  • Access Device Fraud under 18 USC § 1029, with a maximum penalty of 10 years in prison.
  • Conspiracy to Commit Computer Intrusion, pursuant to 18 USC §§ 1030 and 371, with a maximum penalty of 5 years in prison.
  • Money Laundering under 18 USC § 1956, with a maximum penalty of 20 years in prison.

He could face up to 35 years in prison if convicted on all charges. However, it is unclear at this stage whether he has been arrested.

The US Department of Justice stated that the investigation is still ongoing and that it does not believe it is in possession of all the data stolen by the malware.

Additional details were also released today by Eurojust and the Dutch police, who revealed that authorities had shut down three servers in the Netherlands and seized two domains used by RedLine and META for command-and-control operations.

Two people were also arrested in Belgium; one was released, while the other is said to be a customer of the malware operations.

Authorities were led to the core of the infrastructure after receiving tips from ESET, which had mapped an extensive network of more than 1,200 servers in multiple countries communicating with central servers in the Netherlands.

Telegram accounts used by RedLine and META to promote the malware to interested buyers were also seized, thus disrupting their sales channels.

Unfortunately, if Rudometov is still at large, there is nothing stopping him from rebuilding the malware infrastructure and resuming operations.

ESET launches online scanner

Cybersecurity firm ESET, which participated in the takedown as a technical consultant, released an online scanner to help potential victims determine whether they have been infected by the information-stealing malware.

[Image: ESET Online Scanner. Source: BleepingComputer]

Running the downloaded scanner presents step-by-step instructions on how to use it; it can also be set to perform periodic scans for ongoing protection.

ESET recommends that people who receive a positive scan result (meaning they are infected) change their online account passwords and closely monitor their financial account activity. Because infostealers of this kind also take browser session cookies, signing out of all active sessions so that stolen tokens are invalidated is a prudent extra step, since a password change alone does not revoke an already-stolen session.