Microsoft teamed up with law enforcement to target RedVDS, a cybercrime service that has facilitated a wide range of malicious activities.
RedVDS enables threat actors to set up servers that can be used for phishing, business email compromise (BEC) attacks, account takeover, and fraud.
According to Microsoft, RedVDS has tens of thousands of customers across the globe.
The infrastructure used by RedVDS has been disrupted as part of a coordinated effort between Microsoft and law enforcement. The operation combined technical actions to take down the infrastructure with a temporary restraining order obtained from a U.S. court.
“We obtained a court order allowing us to seize key infrastructure, cutting off RedVDS customers’ access, and referred evidence of RedVDS’s criminal activity to law enforcement,” Microsoft said.
Microsoft’s investigation showed that RedVDS’s customers have used the service to conduct and enable a wide range of malicious activities, including malware distribution, credential theft, and DDoS attacks.
The tech giant said it started investigating RedVDS in 2021. Its findings have shown that the service allowed cybercriminals with limited technical expertise to conduct attacks and provided anonymity, which made it more difficult for law enforcement to track threat actors.
“The criminals using RedVDS are responsible for a staggering amount of cybercrime,” Microsoft said. “This action will disrupt their operations and make it more difficult for them to carry out attacks.”
Microsoft has disrupted other cybercrime operations in the past. In April 2024, the company announced that it had disrupted ZLoader, a botnet used for distributing malware. In November 2023, it took down a botnet used for phishing and BEC attacks.
Microsoft has been focusing on disrupting cybercrime operations because it believes disruption is a more effective way to combat cyber threats than simply defending against them.






