Today (October 28th, 2024), the Dutch National Police, in collaboration with the FBI and partners of the international law enforcement task force Operation Magnus, successfully disrupted the operations of two prolific infostealers—Redline and Meta. This significant action marks a major step forward in curbing the illegal activities of cybercriminal groups that have long relied on infostealers to steal sensitive information.
What Are Infostealers?
Infostealers are a type of malware designed to infiltrate systems and collect valuable data such as login credentials, financial information, and other sensitive details. Once deployed, the infostealers scan infected devices for passwords, browser cookies, autofill data, and even saved credit card information. Cybercriminals then sell or exploit this data to gain unauthorised access to victims' accounts, leading to malicious activities like financial fraud, identity theft, or, in high-profile cases, large-scale breaches.
Redline and Meta infostealer malware are highly popular among cybercriminals. One high-profile example of their use is the massive MGM Resorts cyber attack: Scattered Spider, the group behind it, used stolen credentials from infostealer logs to gain initial access to the company’s systems. This breach, which resulted in millions of dollars in damages, illustrates how infostealers are often a critical tool in facilitating larger cyber attacks, which makes them a priority for law enforcement.
How DynaRisk is Monitoring Infostealers
At DynaRisk, infostealer data plays a crucial role in our industry-leading dataset. By incorporating infostealer monitoring into our cyber risk management and monitoring products, we can detect if customers or employees have had their credentials compromised by infostealer malware like Redline or Meta. This enables our clients to respond to threats early, taking preventative actions before significant damage occurs.
While infostealers may be invisible to the average user, their impact can be devastating. This malware can steal authentication cookies, potentially bypassing two-factor authentication (2FA), and it often removes itself, leaving no trace of infection. This makes infostealers particularly dangerous for both individuals and organisations.
What’s Next for Operation Magnus?
As Operation Magnus continues, involved parties will be notified, and legal actions against the operators behind Redline and Meta are already underway. This takedown highlights the importance of international cooperation in disrupting organised cybercrime activities.
Want to Learn More?
Keen to hear more about how our cyber risk management software and services help individuals and organisations prevent cyber-attacks? Contact us for more information.
Or, take advantage of our free company security scan to check if your business, client, or prospect has been affected by infostealers.