What was the RedVDS platform seized by Microsoft?

RedVDS was a platform sold access to virtual machines that fueled cybercrime, including phishing and online scams.

How did hackers use AI with RedVDS?

Hackers used generative AI tools to identify new targets and create more believable phishing messages on RedVDS.

What was the impact of RedVDS attacks?

RedVDS-enabled attacks led to the compromise or fraudulent access of over 191,000 organizations worldwide.

Home / Crime and Justice / Microsoft and Police Dismantle Major Cybercrime Platform

Microsoft and Police Dismantle Major Cybercrime Platform

15 Jan

•

Summary

RedVDS sold virtual machines to fuel cybercrime since 2017.
Hackers used AI to identify targets and craft phishing messages.
Over 191,000 organizations worldwide were affected by RedVDS attacks.

Microsoft and Police Dismantle Major Cybercrime Platform

A significant cybercrime infrastructure known as RedVDS has been dismantled through a coordinated effort between Microsoft and European law enforcement. This platform, operational since at least 2017, provided virtual machines for malicious activities, including phishing campaigns and online scams, with a low monthly subscription starting at $24.

Microsoft reported that in a single month, RedVDS virtual machines were responsible for an average of one million phishing messages daily targeting their customers alone. Law enforcement in Germany indicated that the service had over 13,000 users, many of whom were adopting generative AI tools to improve their targeting and craft more convincing fraudulent communications.

These attacks, particularly "business email compromise" schemes, led to the compromise or fraudulent access of more than 191,000 organizations globally. The takedown involved seizing domains and nearly 70 servers, with ongoing efforts to identify the individuals behind the operation.