Operation Magnus, led by the Dutch National Police in collaboration with the FBI and other international agencies, has successfully dismantled the network infrastructure behind the notorious Redline and Meta infostealers. The announcement, published on a dedicated website, detailed the seizure and disruption of these malware operations, marking a critical achievement in the ongoing fight against cybercrime.
With support from U.S. and European law enforcement agencies, the coordinated takedown targeted the backbone of these two widely used cybercrime tools. The Dutch Police confirmed that this extensive action not only halted the malware’s operations but also secured valuable data, demonstrating the power of international collaboration against information-stealing malware.
Redline and Meta, both notorious infostealers, have been extensively used by cybercriminals to gather sensitive information from infected devices. These infostealers are designed to capture data stored in browsers, including usernames, passwords, authentication cookies, browsing history, SSH keys, and cryptocurrency wallets. Cybercriminals typically leverage this information to fuel large-scale network breaches, ransomware campaigns, and cyber espionage activities.
According to Operation Magnus, all collected data from these malware operations now rests in the hands of law enforcement.
The operation announcement, published on a specialised site, came with a video that includes firm warnings for the malware’s users and a glimpse of the compromised servers. This footage revealed the investigators’ access to a variety of resources, including the source code, administrator panels, REST API services, and even the bots on Telegram used to sell Redline and Meta. By gaining access to these critical assets, authorities can identify and prosecute the malware’s developers, distributors, and users. Additionally, the seized data encompasses IP addresses, activity logs, and other sensitive information that could potentially lead to further arrests.
Operation Magnus also showcased the Dutch National Police’s unique approach to warning cybercriminals. The Dutch authorities have previously taken to hacking forums and online communities to caution individuals about law enforcement monitoring. This tactic was notably employed after the RaidForums seizure in 2022, when minors involved in hacking activities were directly warned about the legal consequences of their actions. In Operation Magnus, law enforcement has reportedly used similar techniques, contacting Redline and Meta users on forums like XSS to remind them that their activities are under scrutiny.
The takedown of Redline and Meta deals a significant blow to the malware-as-a-service (MaaS) industry, a cybercrime model that has allowed malicious actors to access advanced tools with little technical knowledge. Businesses are increasingly at risk from information-stealing malware, as credentials obtained from these attacks are often sold on the dark web or made public for reputational purposes.
Redline, first seen in 2020, quickly became a primary tool for credential theft, while Meta, a newer malware announced in 2022, was touted as an upgraded version of Redline. Together, these malware strains have led to significant data breaches, with estimates of hundreds of millions of credentials stolen and sold over the past few years.
Operation Magnus is an important reminder of the dangers cybercriminals face when they engage in illegal digital activity, and of the international law enforcement community's continuing work to combat it. Further information regarding the arrests and court cases arising from this operation should be available in the days ahead.