The tech giant seized infrastructure and domains of the global operation and now is going after its payment networks and operators.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

Microsoft and European law enforcement disrupted RedVDS, a cybercrime-as-a-service platform operating since 2019 that provided threat actors with cheap virtual dedicated servers ($24/month) to run phishing, business email compromise, and fraud campaigns. The operation seized RedVDS infrastructure and domains after the service helped steal $40 million since March 2025, compromising over 191,000 organizations globally. RedVDS used unlicensed Windows installations and cryptocurrency payments to provide disposable servers that sent an average of 1 million phishing messages daily, with attackers increasingly leveraging AI tools for deepfakes and voice cloning to enhance their scams.

Microsoft, Law Enforcement Disrupt RedVDS Global Cybercrime Service