U.S. prosecutors have charged Russian nationwide Maxim Rudometov over his alleged involvement in creating and distributing the infamous Redline password-stealing malware.
The costs have been introduced as a part of “Operation Magnus,” first unveiled by the Dutch Nationwide Police on Monday. This years-in-the-making operation noticed worldwide regulation enforcement companies dismantle the infrastructure of Redline and Meta, two prolific malware strains which were used to steal delicate data from tens of millions of individuals.
A grievance unsealed on Tuesday revealed how a collection of operational safety — or “opsec” — errors led to the authorities figuring out Rudometov. In line with the indictment, Rudometov used a Yandex e mail account recognized to regulation enforcement to register accounts on Russian-language hacking boards, the place he used a handful of monikers that have been re-used throughout different platforms together with Skype and iCloud.
U.S. authorities say they have been in a position to retrieve recordsdata from Rudometov’s iCloud account, together with “numerous files that were identified by antivirus engines as malware, including at least one that was… determined to be Redline.”
The identical Yandex e mail deal with was additionally utilized by Rudometov to create a publicly viewable profile on the Russian social networking service VK, in line with the grievance. Legislation enforcement discovered that Rudometov “bore a close resemblance” to a person depicted in an commercial present in an earlier weblog put up about Redline. The commercial promoted the person’s abilities in “writing botnets and stealers”.
Rudemetov allegedly additionally used one in every of his hacking monikers — “ghacking” — on VK’s relationship web site, in line with the grievance.
After receiving a tip from an unnamed safety agency in August 2021, U.S. authorities obtained a search warrant to research the info present in one of many servers utilized by Redline, which offered extra data — together with IP addresses and a Binance deal with registered to the identical Yandex account — linking Rudometov to the event and deployment of the infamous infostealer.
“Rudometov regularly accessed and managed the infrastructure of Redline infostealer, was associated with various cryptocurrency accounts used to receive and launder payments, and was in possession of Redline malware,” the DOJ stated on Tuesday. The grievance revealed that Redline had been used to contaminate tens of millions of computer systems world wide since February 2020, together with “several hundred” machines utilized by the U.S. Division of Protection.
It’s not but recognized if Rudometov has been arrested. If convicted, he faces as much as 35 years in jail.
Europol and the Dutch police additionally revealed additional details about Operation Magnus on Tuesday, revealing that three servers have been taken offline within the Netherlands and two domains used for command and management operations by Redline and Meta have been seized.
Authorities additionally took down a number of Telegram accounts related to the malware, which has “caused the sale of the stealers… to be halted”, and two extra people — together with a buyer of the malware — have been arrested in Belgium.
