A global law enforcement operation disrupted the infrastructure for Red line and Meta information thievesmalware tools widely used by cybercriminal groups to steal sensitive personal data.

Operation Magnus took place on October 28, with law enforcement shutting down three servers used to run the malware in the Netherlands and seizing two domains.

This means that the malware is no longer functional and cannot currently be used to steal new data from infected victims.

Authorities have also seized a database of thousands of Redline and Meta customers and will continue their investigations into these criminal actors.

An administrator of the information stealers was indicted in the US and two suspected customers were taken into custody in Belgium. One has since been released.

In addition, several Telegram accounts used to distribute information thieves have been removed.

The operation was prompted by a tip from cybersecurity firm ESET about servers in the Netherlands linked to malware. It initiated an investigation more than a year ago, which provided information about the technical infrastructure of the info stealers, the communication channels used and the entire user base.

During the investigation, authorities discovered that more than 1,200 servers in dozens of countries were running the malware.

Following the hack, the Dutch National Police sent a message to the actors behind the data thieves via a dedicated message Operation Chronos website. It included a video showing that the international coalition of authorities was able to obtain critical data about their network and will shut down their criminal activities.

After the message was sent, Belgian authorities shut down several Redline and Meta communication channels.

website, www.operation-magnus.comappears to be offline at the time of writing.

Operation Magnus involved law enforcement agencies from the Netherlands, the US, Belgium, Portugal, the UK and Australia, coordinated by the European Union Agency for Criminal Justice Cooperation (Eurojust).

Redline and Meta Responsible for millions of casualties

Redline and Meta are information thievesdesigned to steal personal data from the victim’s devices, including usernames and passwords, and automatically saved form data such as addresses, email addresses, phone numbers, cryptocurrency wallets, and cookies.

After retrieving this information, the information theft operators sell the data to other cybercriminals through criminal markets. Those who acquire this data then use it for further activities, including identity theft, financial fraud and ransomware attacks.

Dutch police noted that Redline and Meta are among the most notorious data thefts worldwide, operating for years and claiming millions of victims.

Eurojust said a private security company had launched an online tool to allow people to check if their data had been stolen, with further details available on the Operation Cronos website.

In June 2024, a law enforcement operation led by the UK’s National Crime Agency (NCA) removed the infrastructure used to host the Cobalt Strike tool.