Diamond Member Pelican Press 0 Posted November 8 Diamond Member Share Posted November 8 This is the hidden content, please Sign In or Sign Up ESET shines light on cyber ********* RedLine empire Cyber security analysts at This is the hidden content, please Sign In or Sign Up have released an in-depth look at the inner workings of the RedLine Stealer operation and its clone, known as Meta, in the wake of a Dutch-led operation that saw the cyber ********* empire ***** low. Operation Magnus saw the Dutch National Police force, working with ********* Union support and other agencies including the FBI and the ***’s National ****** Agency (NCA), dismantle the infamous infostealers’ infrastructure. The action was the culmination of a lengthy investigation to which ESET – which initially notified the authorities in the Netherlands that some of the This is the hidden content, please Sign In or Sign Up infrastructure was being hosted in their jurisdiction – was a key contributor, taking part in a preliminary operation last year that targeted the gang’s ability to use GitHub repositories as a “*****-drop” control mechanism. In an extensive dossier, ESET said that having conducted an extensive analysis of the malwares’ source code and backend infrastructure in the run-up to Operation Magnus, it was now able to confirm with certainty that both Redline and Meta did indeed share the same creator, and identified well over 1,000 unique IP addresses that had been used to control the operation. “We were able to identify over 1,000 unique IP addresses used to host RedLine control panels,” said ESET researcher Alexandre Côté Cyr. “While there may be some overlap, this suggests on the order of 1,000 of subscribers to the RedLine MaaS [malware as a service],” he added. “The 2023 versions of RedLine Stealer ESET investigated in detail used the Windows Communication Framework for communication between the components, while the latest version from 2024 uses a REST API.” Global operation The IP addresses found by ESET were dispersed globally, although mostly in Germany, the Netherlands and Russia, all accounting for about 20% of the total. Approximately 10% were located in Finland and the US. ESET’s investigation also identified multiple distinct backend servers, with about 33% in Russia, and Czechia, the Netherlands and the *** all accounting for about 15%. What was RedLine Stealer? Ultimately, the goal of the RedLine and Meta operations was to harvest vast amounts of data from its victims, including information on cryptocurrency wallets, credit card details, saved credentials, and data from platforms including desktop VPNs, Discord, Telegram and Steam. The operators’ clients bought access to the product, described by ESET in corporate terms as a “turnkey infostealer solution”, through various online forums or Telegram channels. They could select either a monthly rolling subscription or a lifetime licence, and in exchange for their money received a control panel to generate malware samples and act as a personal command and control server. “Using a ready-made solution makes it easier for the affiliates to integrate RedLine Stealer into larger campaigns,” said Côté Cyr. “Some notable examples include posing as free downloads of ChatGPT in 2023 and masquerading as video game cheats in the first half of 2024.” At its peak, prior to the takedown, RedLine was probably the most widespread infostealer in operation, with a comparatively large number of affiliates. However, said ESET, the MaaS enterprise was likely orchestrated by a very small number of people. Crucially, the creator of the malwares, named as Maxim Rudometov, This is the hidden content, please Sign In or Sign Up . This is the hidden content, please Sign In or Sign Up #ESET #shines #light #cyber #********* #RedLine #empire This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up Link to comment https://hopzone.eu/forums/topic/163787-eset-shines-light-on-cyber-criminal-redline-empire/ Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now