U.S. prosecutors have charged Russian national Maxim Rudometov for his alleged role in developing and distributing the notorious password-stealing malware Redline.
The charges were announced as part of “Operation Magnus”, which was first revealed by the Dutch National Police on Monday. In this multi-year operation, international law enforcement agencies dismantled the infrastructure of Redline and Meta, two prolific malware strains that have been used to steal sensitive information from millions of people.
The charging documents released Tuesday describe how a series of operational security (“opsec”) errors led authorities to Rudometov. According to the complaint, Rudometov used a Yandex email account already known to law enforcement to register an account on a Russian-language hacking forum, where he used several nicknames that he allegedly reused on other platforms, including Skype and iCloud.
U.S. authorities said they were able to retrieve files from Rudometov's iCloud account, including “a number of files identified as malware by antivirus engines, including…”, the complaint says.
Rudometov used the same Yandex email address to create a publicly visible profile on the Russian social networking service VK, according to the complaint. Law enforcement found that the person in the profile photo was “closely similar” to the person depicted in an advertisement that had surfaced in an earlier blog post about Redline. The ad promoted the individual's skills in “creating botnets and stealers.”
According to the complaint, Rudometov also used one of his hacking nicknames, “Gacking,” on VK's dating site.
[Image: a screenshot of a dating profile used by the alleged developer of the Redline information-stealing malware. Image credit: Department of Justice]
After receiving a tip from an unnamed security firm in August 2021, U.S. authorities obtained a search warrant to analyze data found on one of the servers used by Redline. That analysis yielded additional information, including an IP address and a Binance account registered with the same Yandex address, linking Rudometov to the development and deployment of the notorious infostealer.
“Rudometov regularly accessed and managed the Redline infostealer's infrastructure, was associated with various cryptocurrency accounts used to receive and launder payments, and was in possession of Redline malware,” the Justice Department said in its announcement on Tuesday. Prosecutors allege that Redline has been used to infect millions of computers around the world since February 2020, including “hundreds” of computers used by the U.S. Department of Defense.
It is not yet known whether Rudometov has been arrested. If convicted, he faces up to 35 years in prison.
Europol and Dutch police also released further details about Operation Magnus on Tuesday, saying that three servers were taken offline in the Netherlands and that two domains used for command-and-control operations by Redline and Meta were seized.
Authorities also took down multiple Telegram accounts associated with the malware, “stopped the sale of stolen products,” and arrested two more people, including a customer of the malware, in Belgium.