International law enforcement disrupts operations of two of the most widely used infostealer malware around the globe – RedLine and Meta.
“Operation Magnus, disrupted operation of the Redline and Meta infostealers. Involved parties will be notified, and legal actions are underway,” the notice said.
Along with the notice, the law enforcement agencies included a 50-second video, which stated that they “gained full access to RedLine and Meta [stealers] servers.”
What’s Likely Taken Down in Operation Magnus
The video further claimed the two infostealers are pretty much the same and that the version now dismantled gave unique insights in the customers who used this malware-as-a-service offering on the dark web. This includes username, passwords, IP, addresses, timestamps, registration date, etc. of all those who have registered and taken services from this MaaS service provider.
The law enforcement was also likely able to hack into the main frame infrastructure including the licensed servers, REST-API servers, stealers and even Telegram bots that were used by the gang to operate their network over social networking and messaging channels.
Apart from this, a scroll of usernames, which the authorities called as “VIP clients” was also shown but it is not clear if they have been arrested or were indicted. As per the timer set on the official website, more details will be revealed in a day’s time. A joint statement is expected.
The manner of setting up a website and revealing details in this case is similar to “Operation Endgame,” again a major international law enforcement operation, which disrupted a large-scale botnet infrastructure, targeting notorious malware droppers like IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and TrickBot.
Related