Criminal Subscription Service Behind AI-POWERED Cyber-attacks ...

A cybercriminal subscription service responsible for fraud campaigns causing millions of dollars in losses has been disrupted in coordinated action by Microsoft alongside legal partners in the US and, for the first time, the UK.

On Wednesday, January 14, Microsoft announced it had seized the website and infrastructure of RedVDS, a platform which hosted cybercrime-as-a-service tools for phishing and fraud campaigns and which cost users as little as $24 a month.

Despite the low cost of entry, the cybercriminal subscription service is known to have cost victims in the US alone over $40 million since March 2025. These include a cyber-attack against Alabama-based pharmaceutical company H2-Pharma that caused more than $7.3m in losses, and Gatehouse Dock Condominium Association, a home association in Florida which lost over $500,000 to RedVDS-hosted campaigns.

In total, Microsoft has identified nearly 190,000 organizations worldwide which fell victim to RedVDS-supported campaigns. The US, Canada and the UK were the most impacted countries.

RedVDS provided cybercriminals with access to cheap, effective and disposable virtual computers running unlicensed software, including Windows, allowing criminals to operate quickly and anonymously against victims around the world.

These servers allowed RedVDS to be used for a range of cybercriminal activity, including sending campaigns ranging from high-volume phishing attacks to highly targeted business email compromise (BEC) scams.

As part of the BEC attacks, cybercriminals are known to have quietly observed ongoing communications between victims and their legitimate business partners, before waiting for the right moment to strike, impersonating that contact to request significant wire transfers.

According to Microsoft, RedVDS services were commonly paired with generative AI tools to help criminals quickly identify potentially high-value targets and generate realistic-looking phishing emails and associated attachments to mimic legitimate messages the victim would expect to see.

Microsoft also noted that there were hundreds of examples of attackers exploiting AI deepfake videos and voice cloning to impersonate specific individuals and create even more realistic means of deception.

The coordinated action to take down and disrupt RedVDS saw legal action in the US and UK combined with support from international law enforcement, including Europol.

Source: InfoSecurity Magazine