Tech News
ESET shines light on cyber criminal RedLine empire
Cyber security analysts at ESET have published a detailed analysis of the RedLine Stealer operation and its clone, Meta, following the dismantling of the cyber criminal empire in a Dutch-led operation.
Operation Magnus, carried out by the Dutch National Police force with support from the European Union, FBI, and UK’s National Crime Agency, successfully took down the infamous infostealers’ infrastructure.
ESET played a crucial role in the investigation, initially notifying Dutch authorities about the malwares’ infrastructure hosted in their jurisdiction. They also participated in a preliminary operation targeting the gang’s use of GitHub repositories as a control mechanism.
After analyzing the malwares’ source code and backend infrastructure, ESET confirmed that both RedLine and Meta were created by the same individual. They identified over 1,000 unique IP addresses used to control the operation.
According to ESET researcher Alexandre Côté Cyr, “We identified over 1,000 unique IP addresses hosting RedLine control panels, indicating a significant number of subscribers to the RedLine MaaS.”
ESET’s investigation revealed that the 2023 versions of RedLine Stealer used the Windows Communication Framework, while the latest version from 2024 utilizes a REST API for communication.
Global operation
ESET found that the IP addresses were spread globally, with a high concentration in Germany, the Netherlands, and Russia. Approximately 10% of the addresses were located in Finland and the US.
The investigation also uncovered multiple backend servers, with a significant portion in Russia, and others in Czechia, the Netherlands, and the UK.
What was RedLine Stealer?
The primary objective of RedLine and Meta operations was to gather extensive data from victims, including cryptocurrency wallets, credit card details, saved credentials, and information from platforms like desktop VPNs, Discord, Telegram, and Steam.
Operators could purchase access to the infostealer solution through online forums or Telegram channels, choosing between monthly subscriptions or lifetime licenses. They received a control panel to generate malware samples and act as a command and control server.
Côté Cyr explained, “Affiliates found it easier to integrate RedLine Stealer into larger campaigns using this turnkey solution. Examples include posing as free downloads of ChatGPT in 2023 and video game cheats in 2024.”
Before its takedown, RedLine was one of the most widespread infostealers with numerous affiliates, likely orchestrated by a small group of individuals. The creator, Maxim Rudometov, has been identified and charged in the US.
-
Destination3 months ago
Singapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News7 months ago
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation6 months ago
The Top 20 Motivational Instagram Accounts to Follow (2024)
-
Guides & Tips5 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Guides & Tips5 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Gaming4 months ago
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Self Development7 months ago
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Toys6 months ago
15 of the Best Trike & Tricycles Mums Recommend