Microsoft has announced a coordinated legal action with authorities in the United States, United Kingdom, and Germany to disrupt RedVDS, a global cybercrime subscription service responsible for millions of dollars in fraud losses.
The RedVDS Operation
RedVDS operated as a “bulletproof hosting” service, providing cybercriminals with:
- Disposable virtual computers for as little as $24/month
- Anonymity infrastructure that made fraud difficult to trace
- Scalable operations enabling high-volume attacks
- Rapid deployment of new infrastructure when detected
Criminal Use Cases
The service enabled multiple fraud types:
Phishing Operations
- High-volume phishing email campaigns
- Hosting of credential harvesting pages
- Impersonation websites mimicking legitimate brands
Real Estate Payment Diversion
One of the fastest-growing forms of cyber-enabled fraud:
- Attackers intercept real estate transactions
- Fraudulent wire instructions sent to buyers
- Funds diverted to criminal-controlled accounts
Business Email Compromise
- Infrastructure for spoofed email domains
- Hosting for fake invoice portals
- Command and control for email account takeovers
Coordinated Takedown
The operation involved:
- Microsoft Digital Crimes Unit: legal action and technical analysis
- German authorities: server seizures
- UK law enforcement: investigation support
- Europol: international coordination
Impact
The takedown:
- Took the RedVDS marketplace offline
- Disrupted ongoing criminal operations
- Seized infrastructure and evidence
- Identified customers for potential prosecution
Broader Context
Bulletproof hosting services remain a critical enabler of cybercrime. This action demonstrates the effectiveness of public-private partnerships in disrupting criminal infrastructure at scale.