{
	"id": "e391f1a0-6650-459a-8e89-b15ca164772b",
	"created_at": "2026-04-07T02:20:32.70126Z",
	"updated_at": "2026-04-10T13:12:44.530831Z",
	"deleted_at": null,
	"sha1_hash": "06d6a90437f590c6a4dcf2361f2f60cc28447612",
	"title": "U.S. Joins International Action Against RedLine and META Infostealers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37549,
	"plain_text": "U.S. Joins International Action Against RedLine and META\r\nInfostealers\r\nPublished: 2024-10-28 · Archived: 2026-04-07 02:02:16 UTC\r\nAUSTIN, Texas – The Department of Justice joined the Netherlands, Belgium, Eurojust and other partners in\r\nannouncing an international disruption effort against the current version of RedLine Infostealer, one of the most\r\nprevalent infostealers in the world that has targeted millions of victim computers, and the closely-related META\r\nInfostealer.\r\nThe Justice Department, FBI, Naval Criminal Investigative Service, IRS Criminal Investigation, Defense Criminal\r\nInvestigative Service, and Army Criminal Investigation Division joined international partners in the Joint\r\nCybercrime Action Taskforce (“JCAT”) Operation Magnus (supported by Europol) to seize domains, servers, and\r\nTelegram accounts used by the RedLine and META administrators to disrupt the operations of the infostealers.\r\nInternational authorities have created a website at www.operation-magnus.com\r\nwith additional resources for the public and potential victims.\r\nInfostealers are a prevalent form of malware used to steal sensitive information from victim’s computers including\r\nusernames and passwords, financial information, system information, cookies, and cryptocurrency accounts. The\r\nstolen information—referred to as “logs”—is sold on cybercrime forums and used for further fraudulent activity\r\nand other hacks. RedLine has been used to conduct intrusions against major corporations. RedLine and META\r\ninfostealers can also enable cyber criminals to bypass multi-factor authentication (MFA) through the theft of\r\nauthentication cookies and other system information.\r\nRedLine and META are sold through a decentralized Malware as a Service (“MaaS”) model where affiliates\r\npurchase a license to use the malware, and then launch their own campaigns to infect their intended victims. The\r\nhttps://www.justice.gov/usao-wdtx/pr/us-joins-international-action-against-redline-and-meta-infostealers\r\nPage 1 of 3\n\nmalware is distributed to victims using malvertising, e-mail phishing, fraudulent software downloads, and\r\nmalicious software sideloading. Various schemes, including COVID-19 and Windows update related ruses have\r\nbeen used to trick victims into downloading the malware. The malware is advertised for sale on cybercrime\r\nforums and through Telegram channels that offer customer support and software updates. RedLine and META\r\nhave infected millions of computers worldwide and, by some estimates, RedLine is one of the top malware\r\nvariants in the world.\r\nThrough various investigative steps, law enforcement has collected victim log data stolen from computers infected\r\nwith RedLine and META. While an exact number has not been finalized, agents have identified millions of unique\r\ncredentials (usernames and passwords), email addresses, bank accounts, cryptocurrency addresses, credit card\r\nnumbers, etc. The United States does not believe it is in possession of all the stolen data and continues to\r\ninvestigate.\r\nThe Department has unsealed a warrant issued in the Western District of Texas that authorized law enforcement to\r\nseize two domains used by RedLine and META for command and control.\r\nIn conjunction with the disruption effort, the Justice Department unsealed charges against Maxim Rudometov, one\r\nof the developers and administrators of RedLine Infostealer. According to the complaint, Rudometov regularly\r\naccessed and managed the infrastructure of RedLine Infostealer, was associated with various cryptocurrency\r\naccounts used to receive and launder payments and was in possession of RedLine malware. For his actions, he has\r\nbeen charged with access device fraud, in violation of 18 U.S.C. § 1029, conspiracy to commit computer\r\nintrusion, in violation of 18 U.S.C. §§ 1030 and 371, and money laundering, in violation of 18 U.S.C. § 1956.\r\nIf convicted, Rudometov faces a maximum penalty of 10 years in prison for access device fraud, five years in\r\nprison for conspiracy to commit computer intrusion, and 20 years in prison for money laundering. The complaint\r\nis merely an allegation, and the defendant is presumed innocent until proven guilty beyond a reasonable doubt in a\r\ncourt of law.\r\nThe FBI Austin Cyber Task Force is investigating the case. The Task Force participants include the Naval\r\nCriminal Investigative Service, IRS Criminal Investigation, Defense Criminal Investigative Service, and Army\r\nCriminal Investigation Division, among other agencies.\r\nAssistant U.S. Attorney G. Karthik Srinivasan is prosecuting the case. The Justice Department’s Cybercrime\r\nLiaison Prosecutor to Eurojust and Office of International Affairs also provided significant assistance.\r\nThe disruption effort announced today was in conjunction with Operation Magnus, a JCAT law enforcement\r\noperation to investigate RedLine and META Infostealers. The participating agencies included the Dutch National\r\nPolice, Belgian Federal Police, Belgian Federal Prosecutor’s Office, United Kingdom National Crime Agency,\r\nAustralian Federal Police, Portuguese Federal Police, and Eurojust.\r\n###\r\nAttachment: \r\nAttachment: \r\nhttps://www.justice.gov/usao-wdtx/pr/us-joins-international-action-against-redline-and-meta-infostealers\r\nPage 2 of 3\n\nSource: https://www.justice.gov/usao-wdtx/pr/us-joins-international-action-against-redline-and-meta-infostealers\r\nhttps://www.justice.gov/usao-wdtx/pr/us-joins-international-action-against-redline-and-meta-infostealers\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.justice.gov/usao-wdtx/pr/us-joins-international-action-against-redline-and-meta-infostealers"
	],
	"report_names": [
		"us-joins-international-action-against-redline-and-meta-infostealers"
	],
	"threat_actors": [],
	"ts_created_at": 1775528432,
	"ts_updated_at": 1775826764,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/06d6a90437f590c6a4dcf2361f2f60cc28447612.pdf",
		"text": "https://archive.orkl.eu/06d6a90437f590c6a4dcf2361f2f60cc28447612.txt",
		"img": "https://archive.orkl.eu/06d6a90437f590c6a4dcf2361f2f60cc28447612.jpg"
	}
}