Dutch National Police, in partnership with the FBI and other international agencies, have dealt a severe blow to two notorious info stealers — Redline and Meta — by taking over their servers. This breakthrough operation, dubbed ‘Operation Magnus,’ represents an international alliance to counter threat actors.
The announcement, made on a dedicated website for Operation Magnus, revealed the scale of collaboration between the international agencies. Through this effort, law enforcement agencies gained unfettered access to Redline and Meta serves, including several critical administrator panels and the source code itself, marking the operation as one of the most extensive takedowns of cybercrime infrastructure to date.
Visitors to the Operation Magnus site were greeted with a chilling message from law enforcement. A video parodying the promotional material often used by cybercriminals announced a ‘final update’ for the malware strains, confirming that authorities have locked down control over the servers.
In a bold message targeting those who profit from info stealers, the video proclaimed, “Thank you for installing this update. We’re looking forward to seeing you soon,” paired with graphic cuffed hands.
The operation website further indicated that “involved parties will be notified,” signalling that individuals associated with Redline and Meta may soon face legal action. According to Dutch authorities, the unprecedented access obtained may provide critical intelligence into the users of these malware services, potentially exposing a significant network of cybercriminals.
The Operation Magnus site also featured a timer counting down to Tuesday, set to reveal further details on the crackdown. Observes and cybersecurity experts are closely watching to see whether this development could lead to further arrests.
Redline and Meta were widely available, enabling cybercriminals to commit data theft with minimal technical skill. However, the full server access gained by law enforcement disrupts these operations and potentially exposes the identities of cybercriminals reliant on these tools.
In October 2024, Europol arrested four persons related to the LockBit ransomware gang in a massive operation involving 12 countries. Similarly, in July, the National Crime Agency (NCA), in Operation Morpheus, shut down 593 servers of the Cobalt Strike penetration testing tool.
In the News: Scammers impersonate Temu, TikTok to target job seekers