Alleged RedLine Malware Administrator Extradited to US

Summary

Hambardzum Minasyan of Armenia has been extradited to the United States and charged with administering the RedLine infostealer malware, including managing command-and-control infrastructure, collecting affiliate payments, and distributing the malware. RedLine is a widely used malware-as-a-service offering that steals browser credentials, cryptocurrency wallets, VPN data, and other sensitive information. Minasyan faces charges including conspiracy to commit access device fraud and money laundering, with potential sentences of up to 20 years.

Full text

Armenian national Hambardzum Minasyan has been extradited to the United States over his alleged role in the administration of the RedLine infostealer malware. The US Justice Department announced Minasyan’s first appearance in a Texas court on Wednesday. According to authorities, the man was involved in maintaining the malware’s infrastructure, including command-and-control servers and administration panels used by affiliates. He also allegedly collected payments from affiliates and handled support requests. “The indictment alleges that Minasyan registered two virtual private servers to host portions of RedLine’s infrastructure as well as two internet domains in support of the RedLine scheme,” the DOJ said. “He also allegedly created repositories on an online file sharing site that were used to distribute RedLine to affiliates. In November 2021, he allegedly registered a cryptocurrency account that was used to receive payments from RedLine affiliates,” the DOJ added. Minasyan has been charged with conspiracy to commit access device fraud, conspiracy to commit money laundering, and conspiracy to violate the CFAA. He faces up to 10 years in prison for access device fraud and up to 20 years in prison for the remaining counts.Advertisement. Scroll to continue reading. RedLine is a widely used information stealer offered via a malware-as-a-service model, enabling cybercriminals to steal browser credentials, cryptocurrency wallet data, VPN credentials, and other information. The malware emerged in 2020 and was targeted in an international law enforcement operation in October 2024. However, the takedown effort had limited impact, and RedLine remains one of the most popular infostealers among cybercriminals, frequently cited by security firms as a leading threat in the category. In mid-2025, the US Department of State announced a $10 million reward for information on Maxim Alexandrovich Rudometov, who is believed to be the main developer and administrator of RedLine. Rudometov was born in Ukraine, but fled to Russia in early 2022. Related: US Prisons Russian Access Broker for Aiding Ransomware Attacks Related: Russian Cybercriminal Gets 2-Year Prison Sentence in US Related: Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs US Prisons Russian Access Broker for Aiding Ransomware AttacksHackerOne Employee Data Exposed in Massive Navia BreachStryker Says Malicious File Found During Probe Into Iran-Linked AttackM-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 SecondsOracle Releases Emergency Patch for Critical Identity Manager VulnerabilityCritical Quest KACE Vulnerability Potentially Exploited in AttacksUS Confirms Handala Link to Iran Government Amid Takedown of Hackers’ SitesAisuru and Kimwolf DDoS Botnets Disrupted in International Operation Latest News Dell and HP Roll Out Quantum-Resistant Device Security and AI-Era Cyber ResilienceOnit Security Raises $11 Million for Exposure Management PlatformRussian Cybercriminal Gets 2-Year Prison Sentence in US AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest LinkiOS, macOS 26.4 Roll Out With Fresh Security PatchesFCC Bans New Routers Made Outside the US Over National Security RisksRSAC 2026 Conference Announcements Summary (Day 2)From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MoveThe US Senate confirmed Markwayne Mullin as DHS Secretary.7AI has appointed Israel Barak as its first Chief Information Security Officer.Brian Harrell has been appointed Chief Security Officer at FirstEnergy.More People On The MoveExpert Insights Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — RedLine
• malware — RedLine infostealer