Microsoft's Takedown of RedVDS
Microsoft has disrupted RedVDS, a platform linked to at least $40 million in reported losses in the United States alone since March 2025.
The company filed civil lawsuits in the United States and the United Kingdom, seizing malicious infrastructure and taking RedVDS's marketplace and customer portal offline as part of a broader international operation with Europol and German authorities.
The RedVDS Platform
RedVDS provided criminals with access to disposable virtual computers for as little as $24 a month, making fraud cheap, scalable, and difficult to trace. The platform rented servers from third-party hosting providers across the United States, the United Kingdom, France, Canada, the Netherlands, and Germany.
This allowed criminals to provision IP addresses geographically close to targets and easily evade location-based security filters. Investigators found that RedVDS customers deployed a wide range of malware and malicious tools on rented servers, including mass-mailing utilities, email address harvesters, privacy tools, and remote-access software.
The Impact of RedVDS
The service allowed criminals to send mass phishing emails, host scam infrastructure, and facilitate fraud schemes while maintaining anonymity through cryptocurrency payments. RedVDS servers were also used in credential theft, account takeovers, business email compromise (also known as payment diversion) attacks, and real estate payment diversion scams.
Microsoft found that many of RedVDS's customers also used artificial intelligence tools, including ChatGPT, to generate more convincing phishing emails, while others used face-swapping, video manipulation, and voice cloning to impersonate trusted organizations and individuals.
Conclusion
The disruption of RedVDS is a significant blow to the cybercrime ecosystem, and it highlights the importance of international cooperation in the fight against cybercrime. As the use of artificial intelligence and other advanced technologies becomes more prevalent in cyberattacks, it is essential for security teams to stay vigilant and adapt to these new threats.