Microsoft has successfully disrupted the RedVDS cybercrime platform, which facilitated extensive fraud and malware attacks globally. This operation involved legal actions, infrastructure seizure, and collaboration with international law enforcement to dismantle the service and protect victims. #RedVDS #Storm-0259
Keypoints
- RedVDS operated as a cybercrime-as-a-service platform selling virtual Windows servers since 2019.
- Microsoftβs investigation traced the operator, Storm-2470, using a fingerprint from cloned Windows Server images.
- The platform rented servers across multiple countries, allowing criminals to evade security defenses.
- RedVDS customers deployed malware, phishing tools, and used AI to enhance attack effectiveness.
- Over 191,000 organizations worldwide have been impacted by RedVDS-enabled cyberattacks since September 2025.