Microsoft declared on Wednesday that it has launched a "coordinated legal action" in the United States and the United Kingdom to stop RedVDS, a cybercrime subscription service that has allegedly contributed to millions of dollars' worth of fraud losses. According to the tech giant, it has been able to take down the illegal service ("redvds[.]com") and seize the malicious infrastructure as part of a larger effort carried out in cooperation with law enforcement authorities. According to Steven Masada, assistant general counsel of Microsoft's Digital Crimes Unit, "RedVDS gives criminals access to disposable virtual computers that make fraud cheap, scalable, and difficult to trace for as little as US $24 a month."

The infrastructure was specifically used to host a toolkit that included both malicious and dual-use software: tools for mass spam and phishing emails, such as SuperMailer, UltraMailer, BlueMail, SquadMailer, and Email Sorter Pro/Ultimate; tools for harvesting or validating a large number of email addresses, such as Sky Email Extractor; and tools for privacy and OPSEC, such as Waterfox, Avast Secure Browser, Norton Private Browser, NordVPN, and ExpressVPN. While other RedVDS users used ChatGPT or other OpenAI tools to create phishing lures, obtain information about organizational workflows to commit fraud, and distribute phishing messages intended to harvest credentials and take control of victims' accounts, one threat actor allegedly used the provisioned hosts to programmatically (and unsuccessfully) send emails via Microsoft Power Automate (Flow) using Excel.

The ultimate objective of these attacks is to create extremely convincing BEC scams, which allow threat actors to insert themselves into genuine email exchanges with suppliers and create false invoices in order to deceive targets into sending money to a mule account that they control. It's interesting to note that RedVDS's Terms of Service forbade users from sending phishing emails, spreading malware, sending illicit content, scanning systems for security flaws, or launching denial-of-service (DoS) attacks. This suggests the service's operators were attempting to limit or avoid liability for what their customers did with the hosts.

Microsoft added that it "identified attacks showing thousands of stolen credentials, invoices stolen from target organizations, mass mailers, and phish kits, indicating that multiple Windows hosts were all created from the same base Windows installation." The majority of the hosts were created using a single computer ID, indicating that the same Windows Eval 2022 license was used to create them, according to further investigations.