Microsoft has announced that it has disrupted RedVDS, a large cybercrime platform connected to more than $40 million in reported losses in the United States since March 2025.

The action was taken as part of an international effort to shut down services that enable large-scale online fraud.

The company filed civil lawsuits in both the United States and the United Kingdom, which allowed it to seize key infrastructure used by RedVDS. As a result, the platform’s online marketplace and customer portal have been taken offline. The operation was carried out in coordination with Europol and German law enforcement agencies.

Two victims of RedVDS-backed fraud joined Microsoft as co-plaintiffs in the legal action. H2-Pharma, an Alabama-based pharmaceutical firm, lost $7.3 million in a business email compromise scam. The Gatehouse Dock Condominium Association in Florida also lost nearly $500,000 in resident funds due to a similar fraud scheme.

According to Microsoft, RedVDS offered cybercriminals access to disposable virtual Windows computers for as little as $24 per month. These systems made it easy for criminals to launch phishing attacks, scams, and fraud while remaining difficult to trace. Microsoft said such services have become a major driver behind the rapid growth of cyber-enabled crime worldwide.

RedVDS has been operating since 2019 and functioned as a cybercrime-as-a-service platform. It sold unrestricted access to virtual Windows servers with full administrator control to multiple criminal groups. Microsoft’s investigation revealed that all of the platform’s virtual machines were created from a single cloned Windows Server image, leaving a unique technical fingerprint that helped investigators track its activity.

READ
WhatsApp Introduces Usernames to Let Users Chat Without Sharing Phone Numbers

The platform relied on third-party hosting providers across several countries, including the United States, the United Kingdom, France, Canada, the Netherlands, and Germany. This allowed criminals to use IP addresses close to their targets and bypass location-based security checks.

Investigators found that RedVDS customers used the rented servers to deploy phishing tools, malware, email harvesters, remote-access software, and privacy tools. These servers were used to send mass phishing emails, host scam websites, steal login credentials, and carry out business email compromise and real estate payment diversion scams.

Microsoft also discovered that some criminals used artificial intelligence tools, including ChatGPT, to write more convincing phishing messages. Others relied on face-swapping, video manipulation, and voice cloning to impersonate trusted individuals and organizations.

In just one month, attackers controlling more than 2,600 RedVDS virtual machines sent an average of one million phishing emails per day to Microsoft customers. Over the past four months, these attacks led to the compromise of nearly 200,000 Microsoft accounts. Since September 2025, RedVDS-linked attacks have affected more than 191,000 organizations worldwide.


Buy ExpressVPN with PayPal or Credit Card

Microsoft said these numbers represent only a portion of the total damage, showing how quickly criminal infrastructure like RedVDS can scale cyberattacks. The company added that it will continue working with global partners to disrupt similar services, following earlier operations such as the takedown of the RaccoonO365 phishing network in coordination with Cloudflare.

Advertisement