U.S. prosecutors have formally charged Russian national Maxim Rudometov for his central role in the development and distribution of Redline, a notorious password-stealing malware that has compromised millions of devices worldwide, including systems belonging to the U.S. Department of Defense.
Operation Magnus: Dismantling Global Malware Infrastructure
The charges follow the unveiling of “Operation Magnus,” a massive multi-agency international crackdown led by the Dutch National Police. This long-term investigation successfully dismantled the core infrastructure powering both Redline and Meta, two of the most prolific information-stealing malware families currently in circulation.
The Fatal OpSec Blunders
The unsealed criminal complaint details how Rudometov’s own operational security (opsec) failures paved the way for his identification. Investigators tracked Rudometov through a Yandex email account linked to various Russian-language hacking forums. By reusing specific monikers across these forums, as well as on Skype and iCloud, he provided authorities with a clear digital trail.
Most damagingly, U.S. authorities accessed Rudometov’s iCloud account, where they discovered actual malware files identified by antivirus engines as Redline. The same Yandex email address was also used to manage a public profile on the Russian social network VK, where his identity was cross-referenced with advertisements promoting his expertise in building botnets and stealers.

The investigation took a definitive turn in August 2021 after a tip from a security firm led authorities to secure a search warrant for a Redline server. This yielded critical data, including IP addresses and a Binance cryptocurrency account linked to the same Yandex email, cementing the connection between Rudometov and the malware’s deployment.
Impact and Legal Consequences
According to the Department of Justice, Rudometov managed the Redline infrastructure, handled cryptocurrency payments for the illicit service, and possessed the malware source code. Since February 2020, Redline has infected millions of systems, including hundreds of computers utilized by the U.S. Department of Defense.
While it remains unclear if Rudometov is currently in custody, he faces a potential prison sentence of up to 35 years if convicted.
International Law Enforcement Success
Europol and Dutch authorities confirmed that Operation Magnus successfully neutralized three servers in the Netherlands and seized two primary command-and-control domains. Furthermore, the operation shuttered multiple Telegram accounts used for sales and distribution. As a direct result of these efforts, the sale of Redline and Meta stealers has been effectively halted, with two additional individuals arrested in Belgium.
