Jakarta, INTI - Microsoft and European law enforcement agencies have dismantled RedVDS, a platform that provided digital infrastructure for a wide range of cybercriminal activities. As part of the operation, Microsoft successfully seized a website deemed to pose significant security risks.
According to PCMag, RedVDS’s primary domain was widely used to facilitate hacking attacks worldwide. The platform has been operating since 2017, offering low-cost access to Windows-based virtual machines.
Hackers reportedly paid as little as US$24 per month to carry out large-scale phishing campaigns. Official findings revealed that more than 2,600 virtual machines hosted on the platform were capable of distributing up to one million fraudulent messages daily.
The attacks mainly targeted Microsoft users, aiming to steal login credentials and distribute malware. German police stated that RedVDS had amassed a large user base exceeding 13,000 individuals.
“In just one month, more than 2,600 different RedVDS virtual machines sent an average of one million phishing messages per day to Microsoft customers alone,” Microsoft wrote in its official statement, quoted on Saturday, January 16, 2026.
The tactics commonly used by cybercriminals include business email compromise, in which attackers take over the email accounts of company executives to mislead employees. The real estate sector has also been among the primary targets of these attacks.
Global Impact Across Multiple Sectors
Since September 2025, more than 191,000 organizations worldwide have fallen victim to unauthorized access linked to RedVDS infrastructure. The most significant impacts have been reported in the construction, manufacturing, healthcare, and legal services sectors across multiple countries.
The platform’s main domain has now been replaced with an official seizure notice issued by Europol and the law firm Orrick. Despite the takedown, authorities continue to urge the public to remain alert to suspicious emails, even when messages appear to originate from legitimate sources.
Conclusion
The takedown of RedVDS marks a significant step in disrupting global cybercrime networks and highlights the importance of collaboration between technology companies and law enforcement agencies. While the operation has removed a major source of criminal infrastructure, authorities continue to stress the need for vigilance, as cyber threats remain persistent and increasingly sophisticated.