Microsoft Dismantles RedVDS Cybercrime Network, Foiling Millions in Online Fraud

Microsoft has successfully disrupted the RedVDS cybercrime infrastructure, a global subscription service that facilitated widespread online fraud. This coordinated legal action, involving authorities in the U.S. and U.K., has taken down key malicious servers and domains, significantly hindering criminals' ability to conduct scams.

Key Takeaways

  • RedVDS offered disposable virtual computers for as little as $24 per month, enabling scalable and untraceable fraud.

  • The service fueled an estimated $40 million in reported fraud losses in the U.S. alone since March 2025.

  • Microsoft's Digital Crimes Unit led the operation, collaborating with international law enforcement.

The RedVDS Operation

RedVDS operated as a cybercrime-as-a-service (CaaS) platform, providing criminals with easy access to virtual computers running unlicensed software. This allowed them to conduct various illicit activities anonymously, including high-volume phishing emails, hosting scam infrastructure, business email compromise (BEC) schemes, account takeovers, and financial fraud. The service was particularly attractive due to its low cost, ease of use, and lack of activity logs, which made activity on it difficult to trace.

Scale of the Fraud

Since March 2025, RedVDS-enabled activities have been linked to approximately $40 million in reported fraud losses in the United States. Attacks fueled by RedVDS have led to the compromise or fraudulent access of over 191,000 organizations worldwide since September 2025. The service was frequently used in conjunction with generative AI tools to identify high-value targets more efficiently and create more convincing, multimedia phishing messages, including deepfakes and voice cloning for impersonation scams.

International Collaboration and Legal Action

Microsoft's Digital Crimes Unit (DCU) spearheaded the disruption through coordinated legal action in the U.S. and the U.K. This effort involved seizing malicious infrastructure and taking the illegal service offline. The operation was supported by international law enforcement agencies, including German authorities and Europol. The use of U.K. courts was significant as RedVDS infrastructure was hosted by a U.K.-based provider, and many victims were also located in the U.K.

Impact on Various Sectors

The RedVDS platform enabled a wide range of cybercrimes affecting numerous sectors. These included legal, construction, manufacturing, real estate, healthcare, and education. Real estate payment diversion scams were particularly prevalent, with attackers compromising accounts of realtors and title companies to divert closing funds. The service also facilitated sophisticated BEC schemes, where attackers impersonated trusted parties to redirect payments, often within seconds.

Microsoft's Ongoing Efforts

This action against RedVDS is part of Microsoft's sustained strategy to dismantle the services that cybercriminals rely on. It marks the 35th civil action taken by the DCU targeting cybercrime infrastructure. Microsoft continues to collaborate with partners across sectors and borders to identify and disrupt the infrastructure behind cyber-enabled fraud, aiming to make it harder for criminals to profit and easier for individuals and organizations to stay safe online.
