Uncle Sam Puts $10m Bounty On Redline Dev And Russia Backed Cronies

The US government is offering up to $10 million for information on foreign government-backed threat actors linked to the RedLine malware, including its suspected developer, Maxim Alexandrovich Rudometov.

The State Department, which administers the Rewards for Justice program, urges anyone with information on Rudometov, his associates, and their malicious cyber activities to contact the program's Tor-based tips-reporting channel:

he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion 

Rudometov was born in Ukraine in 1999 and fled to Krasnodar, Russia, after Russia invaded. As of last fall, he’s believed to still reside in Krasnodar, based on an IP address used to play a mobile game while logged into an Apple iCloud account that the FBI says belongs to Rudometov.

The feds also found several photos in the same iCloud account whose metadata indicated they were taken in Krasnodar.

But before he left Ukraine, Rudometov developed RedLine, a credential-stealing malware strain that the feds say has been used to infect millions of computers worldwide since February 2020.

Last October, international law enforcement officials arrested two individuals in Belgium and charged Rudometov with the use and distribution of the Redline and Meta infostealer malware strains.

The criminal charges against Rudometov followed a years-long FBI investigation that involved connecting Rudometov’s online monikers, email and IP addresses, an iCloud account he reportedly used for gaming and code sharing, and his dating and social media profiles.

Rudometov sold RedLine through a malware-as-a-service model, letting cybercriminals buy access and run their own campaigns. According to Rewards for Justice, the malware has also been used in intrusions by threat actors believed to be working on behalf of foreign governments. While no one’s naming names, we’re going to go out on a limb and say these are Kremlin hackers doing Putin’s dirty work.

RedLine's stealer code scoops up victims' personal and financial information, saved browser credentials and cookies, and cryptocurrency access tokens, then ships the lot to a command-and-control server run by the RedLine affiliate who bought the subscription.
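That harvest-then-exfiltrate sequence is also what defenders can key on: a process that is not a browser reading browser credential or cookie stores and, shortly afterwards, opening an outbound connection. The detection sketch below is an added example and not code from the article or from the malware; it runs over a constructed, generic endpoint-telemetry feed (timestamp|pid|image|event|target) and assumes the usual Windows locations of the Chromium and Firefox stores, a 300-second correlation window and RFC 1918 ranges as "internal". None of the file paths, process names or addresses are taken from real RedLine infections.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List

# Credential, cookie and wallet stores that infostealers commonly harvest.
# Paths are the standard Windows locations (assumption for this example).
SENSITIVE_FILES = [
    re.compile(r"\\(Login Data|Cookies|Web Data)$", re.IGNORECASE),        # Chromium-based browsers
    re.compile(r"\\(logins\.json|cookies\.sqlite|key4\.db)$", re.IGNORECASE),  # Firefox
    re.compile(r"\\wallet\.dat$", re.IGNORECASE),                          # desktop crypto wallet
]
# Processes that legitimately read those files; anything else is suspect.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
# Stealers typically exfiltrate within minutes of harvesting (assumed window).
WINDOW_SECONDS = 300
# Ranges treated as internal; anything else counts as a possible C2 destination.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class Alert:
    pid: int
    image: str
    files: List[str]
    destination: str


def is_sensitive(path: str) -> bool:
    return any(p.search(path) for p in SENSITIVE_FILES)


def is_external(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def detect(lines: List[str]) -> List[Alert]:
    """Correlate per PID: a non-browser process reads one or more sensitive
    stores, then connects to an external address within WINDOW_SECONDS."""
    reads: Dict[int, dict] = {}   # pid -> {"image", "files", "last_ts"}
    alerts: List[Alert] = []
    for line in lines:
        ts, pid, image, kind, target = line.split("|", 4)
        ts, pid = int(ts), int(pid)
        if kind == "file_read" and is_sensitive(target) and image.lower() not in BROWSERS:
            entry = reads.setdefault(pid, {"image": image, "files": [], "last_ts": ts})
            entry["files"].append(target)
            entry["last_ts"] = ts
        elif kind == "net_connect" and pid in reads:
            entry = reads[pid]
            ip = target.rsplit(":", 1)[0]   # "host:port"; IPv4 only in this sketch
            if is_external(ip) and ts - entry["last_ts"] <= WINDOW_SECONDS:
                alerts.append(Alert(pid, entry["image"], list(entry["files"]), target))
                del reads[pid]   # one alert per harvesting burst
    return alerts


# Constructed sample feed for this example; not real telemetry.
SAMPLE_EVENTS = [
    "1700000000|4412|chrome.exe|file_read|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "1700000005|4412|chrome.exe|net_connect|142.250.72.46:443",
    "1700000100|7321|svchost.exe|file_read|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "1700000101|7321|svchost.exe|file_read|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies",
    "1700000102|7321|svchost.exe|file_read|C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1.default\\logins.json",
    "1700000103|7321|svchost.exe|net_connect|10.0.0.5:445",
    "1700000130|7321|svchost.exe|net_connect|203.0.113.17:7701",
    "1700000900|9001|backup.exe|file_read|C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1.default\\cookies.sqlite",
    "1700001900|9001|backup.exe|net_connect|198.51.100.9:443",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={a.pid} {a.image} read {len(a.files)} credential stores, then connected to {a.destination}")
```

Only the masquerading svchost.exe trips the rule: the real browser is allow-listed, the internal SMB connection is ignored, and the backup tool's connection falls outside the window. In production you would key on the signed image path rather than the bare file name, since stealers routinely copy legitimate process names.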

The crooks then sell the stolen credentials, cookies, and bank account logins on dark-web markets. As recently as last month, VPN vendor NordVPN spotted nearly 94 billion stolen cookies listed for sale on dark-web or Telegram-based marketplaces, and RedLine was linked to 44 percent of them.

RedLine was also one of the infostealers used to harvest valid Snowflake customer credentials, which criminals then used to log into those customers' cloud databases and swipe terabytes of data affecting hundreds of millions of people. ®

