Article Details
Scrape Timestamp (UTC): 2024-10-29 10:59:34.420
Source: https://thehackernews.com/2024/10/dutch-police-disrupt-major-info.html
Original Article Text
Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer. The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and Australia.

Eurojust, in a statement published today, said the operation led to the shutdown of three servers in the Netherlands and the confiscation of two domains. In total, over 1,200 servers in dozens of countries are estimated to have been used to run the malware.

As part of the efforts, one administrator has been charged by U.S. authorities and two people have been arrested by the Belgian police, the Politie said, adding that one of them has since been released while the other remains in custody.

The investigation into the technical infrastructure of the information stealers began a year ago, based on a tip from cybersecurity company ESET that the servers were located in the Netherlands. The data seized included usernames, passwords, IP addresses, timestamps, registration dates, and the source code of both stealer malware families.

In tandem, several Telegram accounts associated with the stealer malware have been taken offline. Further investigation into their customers is ongoing. "The infostealers RedLine and MetaStealer were offered to customers via these groups," Dutch law enforcement officials said. "Until recently, Telegram was a service where criminals felt untouchable and anonymous. This action has shown that this is no longer the case."

It's worth noting that the MetaStealer targeted as part of Operation Magnus is different from the MetaStealer malware that's known to target macOS devices.
Information stealers such as RedLine and MetaStealer are crucial cogs in the cybercrime wheel, allowing threat actors to siphon credentials and other sensitive information that could then be sold off to other threat actors for follow-on attacks like ransomware. Stealers are typically distributed under a malware-as-a-service (MaaS) model, meaning the core developers rent access to the tool to other cybercriminals either on a subscription basis or for a lifetime license. (This is a developing story. Please check back for more updates.)
Daily Brief Summary
Dutch National Police, with global partners, disrupted operations of information stealers RedLine and MetaStealer under Operation Magnus.
On October 28, 2024, authorities took down three servers in the Netherlands and seized two domains linked to these malware operations.
Over 1,200 servers globally were estimated to be involved in running this malicious software.
Legal actions included charges against one administrator in the U.S. and the arrest of two individuals in Belgium, with one still in custody.
The operation was initiated following a tip from cybersecurity firm ESET about the server locations in the Netherlands.
Seized data included user credentials, IP addresses, timestamps, and the source code of both malware families.
Several Telegram accounts associated with the malware distribution were also shut down, indicating a crackdown on encrypted services previously deemed secure by criminals.
Ongoing investigations are focusing on the customers of these malware-as-a-service (MaaS) platforms, which rent out the stealer tools to other cybercriminals.