Microsoft Cracks Down on RedVDS Platform Linked to Widespread Online Fraud and Email Scams

Microsoft disrupted the RedVDS cybercrime platform linked to large-scale phishing, business email compromise, and account takeover attacks, shutting down malicious infrastructure and highlighting the growing threat of cybercrime-as-a-service operations.

Microsoft announced a major disruption of RedVDS, a large cybercrime platform connected to extensive online fraud and significant financial losses. According to Microsoft, RedVDS has been associated with at least $40 million in documented losses in the United States alone since March 2025. The action represents one of the most significant crackdowns on cybercrime infrastructure in recent years.

To take down the platform, Microsoft filed civil lawsuits in both the United States and the United Kingdom. As part of this legal action, the company seized key malicious infrastructure and shut down RedVDS’s online marketplace and customer portal. This operation was carried out in coordination with international law enforcement agencies, including Europol and German authorities, highlighting the global nature of modern cybercrime.

RedVDS served as a cybercrime-as-a-service platform, making internet fraud cheap, quick, and difficult to track. For a nominal monthly charge, attackers could rent virtual machines with complete administrative access and no usage restrictions. These virtual servers enabled attackers to send phishing emails, host scam websites, and conduct fraudulent operations without disclosing their true identities. Payments were made via cryptocurrency, which added an extra layer of privacy.

Investigations revealed that RedVDS had been active since 2019 and supported multiple cybercriminal groups. All virtual machines were created using a single cloned server image, which left behind a unique technical pattern. This mistake helped investigators track RedVDS activity across different attacks and campaigns. The platform also used servers in multiple countries, allowing criminals to appear locally based and bypass security filters.

The RedVDS servers were used for a variety of cyber threats, including phishing attacks, credential theft, account takeovers, and business email compromise campaigns. In some cases, fraudsters targeted real estate deals and corporate payments, resulting in significant financial losses. These frauds reportedly affected over 9,000 individuals across many nations.

Microsoft also discovered that many attackers using RedVDS relied on artificial intelligence capabilities to increase their success rate. AI was used to improve the effectiveness of phishing emails, as well as to produce fake voices, videos, and identities. In just one month, attackers using thousands of RedVDS servers sent about one million phishing emails every day, resulting in the compromise of roughly 200,000 accounts.

This takedown shows how cybercrime platforms can rapidly scale attacks and cause global harm. It also highlights the importance of strong cybersecurity, international cooperation, and proactive action to protect users and businesses from evolving digital threats.

Information referenced in this article is from BleepingComputer.