Microsoft has partnered with law enforcement in the U.S. and the U.K. to dismantle RedVDS, a cybercrime subscription service that facilitated millions of dollars in fraudulent activity. By seizing the group's infrastructure and taking their websites offline, officials aim to disrupt a platform that provided cheap, untraceable virtual computers to criminals worldwide.

Microsoft recently spearheaded a legal and technical operation to shut down RedVDS, an illicit service that provided the digital infrastructure necessary for large-scale cybercrime. Working alongside international law enforcement, the company seized domains and servers used by the group, which had been operating since 2017. This action targeted a business model known as crimeware-as-a-service, which allows even low-level offenders to launch sophisticated attacks by renting pre-configured tools for a low monthly fee.

The RedVDS platform functioned by selling access to disposable virtual machines and remote desktop servers for as little as 24 dollars a month. These systems came with full administrator privileges and were hosted across multiple countries, including the U.S., Singapore, and the Netherlands. Because the service did not keep activity logs and offered a high degree of anonymity, it became a preferred hub for bad actors to host scam infrastructure and manage high-volume phishing campaigns without being easily traced by authorities.

Beyond basic hosting, the service offered a user-friendly interface that included a reseller panel and integration with Telegram bots for easy management. While its public-facing marketing claimed to provide tools for remote work productivity, the reality was a sophisticated operation that enabled business email compromise and financial fraud. Microsoft estimates that since March 2025, activity facilitated by this specific service has resulted in approximately 40 million dollars in reported losses in the United States.

The professionalization of such services has significantly lowered the barrier to entry for cybercriminals. By providing turnkey solutions like those offered by RedVDS, the underground economy has moved toward a modular system where phishing kits and ransomware are readily available to anyone with a credit card. This shift has led to an increase in the frequency and complexity of attacks, as criminals no longer need deep technical expertise to exploit vulnerabilities or manage illegal networks.

The threat posed by these services is further amplified by the integration of modern technology. Microsoft noted that RedVDS users often combined their virtual servers with generative AI tools to create more convincing phishing emails and multimedia messages. By utilizing face-swapping, voice cloning, and video manipulation, attackers have been able to impersonate trusted individuals with high accuracy, making it increasingly difficult for victims to distinguish between legitimate correspondence and sophisticated fraud schemes.

Source: Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure