Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

October 29, 2024 at 08:03AM

The Dutch National Police, with international partners, disrupted the infrastructure of the RedLine and MetaStealer information stealers on October 28, 2024, during Operation Magnus. The takedown led to three server shutdowns, domain confiscations, and arrests. Investigations continue into associated networks and customers, highlighting vulnerabilities in cybercriminal communications.

**Meeting Takeaways – October 29, 2024**

**Topic:** Cybercrime / Malware Update

1. **Operation Magnus Overview:**
– The Dutch National Police, in collaboration with international partners (U.S., U.K., Belgium, Portugal, Australia), successfully disrupted the infrastructure of two information stealers: RedLine and MetaStealer.
– The operation took place on October 28, 2024.

2. **Key Outcomes:**
– **Infrastructure Disruption:** Shutdown of three servers in the Netherlands and confiscation of two domains.
– **Estimated Servers:** Over 1,200 servers across various countries involved in malware operations.
– **Arrests and Charges:** One administrator charged by U.S. authorities; two individuals arrested by Belgian police (one released, one still in custody).

3. **Investigation Background:**
– An investigation was initiated one year ago, based on a tip from cybersecurity company ESET regarding the location of servers in the Netherlands.

4. **Seized Data:**
– Data seized included usernames, passwords, IP addresses, timestamps, registration dates, and source code for the stealer malware.
– Several associated Telegram accounts linked to the malware were taken offline.

5. **Significance of Operation:**
– This operation highlights the diminishing sense of anonymity among criminals using Telegram for illicit activities.
– The info stealers are part of a malware-as-a-service (MaaS) model, facilitating the sale of sensitive information for further cybercrimes, including ransomware.

6. **Clarification on MetaStealer:**
– The version of MetaStealer targeted in Operation Magnus is different from the variant known for targeting macOS devices.

7. **Next Steps:**
– Ongoing investigation into the customers of the information stealers.

*(This summary is based on a developing story; further updates may follow.)*
