Malware | Mar 25, 2026

Alleged RedLine infostealer conspirator extradited to US

Armenian RedLine infostealer conspirator extradited to US for developing malware.

Summary

Hambardzum Minasyan, an Armenian national, was extradited to the United States and charged with conspiracy to commit access device fraud, CFAA violations, and money laundering for his alleged role administering RedLine, one of the world's most prevalent infostealing malware variants. Minasyan allegedly registered VPS infrastructure, distributed the malware to affiliates, and laundered proceeds through cryptocurrency. The extradition is part of Operation Magnus, a 2024 coordinated enforcement action by the US DOJ, Belgium, Netherlands, and Eurojust that also targeted the derivative Meta infostealer and charged Russian developer Maxim Rudometov.

Full text

An operation to crack down on the widely used RedLine infostealer has netted the extradition of an Armenian man to the United States, where he made an initial appearance in a Texas court Wednesday.

Authorities charged Hambardzum Minasyan with conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and conspiracy to commit money laundering for his alleged role with RedLine. Infostealers steal billions of user credentials, such as passwords, annually.

“Hambardzum Minasyan allegedly conspired with others to enrich himself by developing and administering RedLine, one of the most prevalent infostealing malware variants in the world, which has previously been used to conduct intrusions against major corporations,” a Justice Department news release said. “When executed, RedLine would steal data, including access devices, from victims’ computers.”

According to a summary of the indictment, Minasyan allegedly registered two virtual private servers to host RedLine, set up online file-sharing repositories to distribute RedLine to affiliates and registered a cryptocurrency account to receive affiliate payments. Collectively, the conspirators also responded to questions and requests from affiliates, conspired to steal and own financial information and laundered cybercrime proceeds through cryptocurrency exchanges, the indictment states.

In 2024, the U.S. Justice Department teamed with Belgium, the Netherlands, Eurojust and others on Operation Magnus to disrupt the RedLine and Meta infostealers, the latter of which derived from the former. That same year, the Justice Department charged a Russian man, Maxim Rudometov, for his alleged role in developing RedLine. Eurojust assisted with the extradition of Minasyan.

Court records related to Minasyan’s case had not been posted on the Pacer court system as of Wednesday afternoon. The U.S. Attorney’s Office for the Western District of Texas, which is prosecuting the case, did not immediately respond to requests for a copy of the indictment.

Indicators of Compromise

  • malware — RedLine
  • malware — Meta