Microsoft Disrupts Massive RedVDS Cybercrime Virtual Desktop Service
Microsoft announced on Wednesday that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025.
Microsoft filed civil lawsuits in the United States and the United Kingdom, seizing malicious infrastructure and taking RedVDS's marketplace and customer portal offline as part of a broader international operation with Europol and German authorities.
Two co-plaintiffs joined Microsoft in this action: H2-Pharma, an Alabama pharmaceutical company that lost $7.3 million in a business email compromise scheme, and the Gatehouse Dock Condominium Association in Florida, which lost nearly $500,000 in resident funds.
"For as little as $24 a month, RedVDS provides criminals with access to disposable virtual computers that make fraud cheap, scalable, and difficult to trace," said Steven Masada, assistant general counsel in Microsoft's Digital Crimes Unit.
"Services like these have quietly become a driving force behind today's surge in cyber-enabled crime, powering attacks that harm individuals, businesses, and communities worldwide."
RedVDS operated as a cybercrime-as-a-service platform since 2019 (using the redvds[.]com, redvds[.]pro, and vdspanel[.]space domains), selling access to virtual Windows cloud servers with administrator control and no usage limits to multiple cybercriminal groups, including the activity clusters Microsoft tracks as Storm-0259, Storm-2227, Storm-1575, and Storm-1747 (the Storm- prefix is Microsoft's designation for clusters not yet attributed to a named group).
Microsoft's investigation found that RedVDS's developer and operator (tracked as Storm-2470) created all virtual machines from a single cloned Windows Server 2022 image. This left a distinctive technical fingerprint: every instance shared the same computer name, WIN-BUNS25TD77J, which follows the pattern of the randomly generated default name Windows Setup assigns and survived because the image was cloned rather than rebuilt. That anomaly let investigators tie the service's servers together across otherwise unrelated malicious campaigns.
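As an added example (not code from Microsoft, BleepingComputer, or RedVDS), the following Python hunts for that shared computer name in two places where a Windows host's name is routinely recorded: the EHLO name a receiving mail server writes into `Received:` headers, and the `WorkstationName` field of Windows Security logon events 4624 and 4625. That RedVDS hosts exposed the name in those fields is an assumption of the example, and the header and event records are constructed, not captured.

```python
"""Hunt for the RedVDS computer-name fingerprint in SMTP trace headers and Windows logon events.

Added example; not Microsoft's or BleepingComputer's code. Assumes the shared computer
name surfaces as the EHLO name in Received: headers and as WorkstationName in Security
events 4624/4625. All sample records below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Computer name shared by every RedVDS VM, per the Microsoft investigation as reported.
REDVDS_HOSTNAME = "WIN-BUNS25TD77J"

# RFC 5321 trace clause: "Received: from <EHLO-name> (<tcp-info>)"; tcp-info is optional.
_RECEIVED_FROM = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)(?:\s+\((?P<tcp>[^)]*)\))?", re.IGNORECASE
)
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class Hit:
    source: str    # "smtp" or "winsec"
    hostname: str  # computer name exactly as it appeared in the record
    ip: str        # peer/source IP recorded by the MTA or the event, "" if absent
    detail: str    # the record (or a summary of it) that matched


def parse_received_from(header: str) -> Optional[Tuple[str, str]]:
    """Return (ehlo_name, peer_ip) from a Received: header, or None without a from-clause.

    Handles both Postfix-style "from NAME (rdns [ip])" and Exim-style "from [ip] (helo=NAME)".
    The peer IP is taken from the MTA-recorded tcp-info first, because the EHLO name is
    whatever the sending host chose to say.
    """
    m = _RECEIVED_FROM.match(header.strip())
    if not m:
        return None
    raw_helo, tcp = m.group("helo"), m.group("tcp") or ""
    helo = raw_helo
    exim = re.search(r"helo=(\S+)", tcp, re.IGNORECASE)
    if exim:
        helo = exim.group(1)
    ip_match = _IPV4.search(tcp) or _IPV4.search(raw_helo)
    return helo, (ip_match.group(0) if ip_match else "")


def scan_received_headers(headers: Iterable[str]) -> List[Hit]:
    """Flag Received: headers whose EHLO name is the RedVDS computer name (case-insensitive)."""
    hits = []
    for h in headers:
        parsed = parse_received_from(h)
        if parsed and parsed[0].upper() == REDVDS_HOSTNAME:
            hits.append(Hit("smtp", parsed[0], parsed[1], h.strip()))
    return hits


def scan_logon_events(events: Iterable[Dict[str, object]]) -> List[Hit]:
    """Flag successful (4624) and failed (4625) logons whose client-supplied WorkstationName matches."""
    hits = []
    for ev in events:
        if str(ev.get("EventID")) not in ("4624", "4625"):
            continue
        ws = str(ev.get("WorkstationName", ""))
        if ws.upper() == REDVDS_HOSTNAME:
            detail = (f"event {ev.get('EventID')} logon type {ev.get('LogonType')} "
                      f"as {ev.get('TargetUserName')}")
            hits.append(Hit("winsec", ws, str(ev.get("IpAddress", "")), detail))
    return hits


# Constructed sample headers: one benign partner MTA, one Postfix-style hit, one Exim-style hit.
SAMPLE_RECEIVED_HEADERS = [
    "Received: from mail.partner.example (mail.partner.example [198.51.100.7]) "
    "by mx.corp.example with ESMTPS id 1A2B; Tue, 10 Mar 2026 09:14:02 +0000",
    "Received: from win-buns25td77j (unknown [203.0.113.45]) "
    "by mx.corp.example with ESMTP id 3C4D; Tue, 10 Mar 2026 09:15:40 +0000",
    "Received: from [192.0.2.20] (helo=WIN-BUNS25TD77J) "
    "by mx.corp.example with esmtp id 5E6F; Tue, 10 Mar 2026 09:16:11 +0000",
]

# Constructed sample events (flattened Security log fields); two match, one is a normal laptop logon.
SAMPLE_LOGON_EVENTS = [
    {"EventID": 4624, "TargetUserName": "j.doe", "WorkstationName": "LAPTOP-JDOE",
     "IpAddress": "10.20.30.40", "LogonType": 2},
    {"EventID": 4624, "TargetUserName": "svc_backup", "WorkstationName": "WIN-BUNS25TD77J",
     "IpAddress": "203.0.113.45", "LogonType": 10},
    {"EventID": 4625, "TargetUserName": "admin", "WorkstationName": "win-buns25td77j",
     "IpAddress": "203.0.113.46", "LogonType": 3},
]


def hunt() -> List[Hit]:
    """Run both scans over the constructed samples and return every hit."""
    return scan_received_headers(SAMPLE_RECEIVED_HEADERS) + scan_logon_events(SAMPLE_LOGON_EVENTS)


if __name__ == "__main__":
    for hit in hunt():
        print(f"[{hit.source}] host={hit.hostname} ip={hit.ip or '-'} :: {hit.detail}")
```

Both fields are supplied by the remote host itself (the EHLO string by the sender, the workstation name by the authenticating client), so a match is a lead to pivot on rather than proof, and a renamed VM evades the check entirely. The recorded peer IP is the more reliable pivot: in the scenario the article describes it points back into commodity hosting ranges rather than into the victim's own address space.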
RedVDS rented servers from third-party hosting providers across the United States, the United Kingdom, France, Canada, the Netherlands, and Germany. This allowed criminals to provision IP addresses geographically close to targets and easily evade location-based security filters.
The service allowed criminals to send mass phishing emails, host scam infrastructure, and facilitate fraud schemes while maintaining anonymity through cryptocurrency payments.
RedVDS servers were also used in credential theft, account takeovers, business email compromise (BEC) attacks such as payment diversion, and real estate payment diversion scams, w
Source: BleepingComputer