US names and charges Maxim Rudometov with developing the Redline infostealer

Avatar

Authorities in the United States have identified and charged Maxim Rudometov, a Russian believed to reside in the city of Krasnodar, with developing and administering the notorious Redline infostealer malware.

The complaint against Rudometov, signed in the Western District of Texas almost two years ago but unsealed on Tuesday, reveals how he was identified through a series of sloppy security errors — including associating one of his hacking handles with a dating profile.

The charges follow the Dutch National Police announcing on Monday that they had gained “full access” to all of the servers used by both the Redline and Meta infostealers, and were using that access to identify the cybercriminals involved in both developing the tools and using them to defraud victims.

Redline was one of the most widely used tools by cybercriminals until the takedown on Monday, which the Dutch police said had left both malware tools “no longer functioning,” even for victims who had already been infected.

Two people have been arrested following the disruption, codenamed Operation Magnus, with one being released on bail, added the Dutch police.

The Redline and Meta accounts on the social messaging platform Telegram have also been taken down according to the Dutch police, who said: “Until recently criminals considered themselves untouchable on this communication platform. By the takedown it’s clear that this is no longer the case.”

Read more: Durov says Telegram will share the data of ‘bad actors’ with authorities

The 18-page complaint against Rudometov sets out how he was identified by a special agent with the U.S. Naval Criminal Investigative Service (NCIS) assigned to the FBI’s Cyber Task Force in Austin, Texas.

Among the alleged hacker’s numerous failures are the repeated use of a Yandex email address to register accounts on Russian-language hacking forums using a handful of monikers that were also adopted on other platforms.

These platforms included Skype and the social media service VK, as well as an Apple account registered by the Yandex email account.

The investigators were able to retrieve data from Rudometov’s iCloud account, including “numerous files that were identified by antivirus engines as malware, including at least one that was analyzed by the Department of Defence Cyber Center (“DC3”) and determined to be Redline.

“In addition to the registration information indicating RUDOMETOV was the owner of the Apple account, the account contained photos that included RUDOMETOV’s official identification documents and apparent personal photos,” stated the complaint.

A profile on the VK platform’s dating site — which states Rudometov had liked 89 other users and received no likes in return — contains his cybercrime moniker “ghacking” in his main username. Pictures from his dating profile and other online accounts were also included in the criminal complaint.

Rudometov has been charged with access device fraud, conspiracy to commit computer intrusion, and money laundering. If convicted on all counts he faces a total of 35 years in prison.

MalwarePeopleCybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

Russia and China-linked state hackers intensify attacks on Netherlands, security officials warn

Next Post

Russia arrests hacker accused of preventing electronic voting during local election

Related Posts

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky. MoonPeak, under active development
Avatar
Read More