Second RedLine infostealer operator ends up in US custody
Hambardzum Minasyan, an Armenian man extradited to the United States, is accused of conspiring with others to develop and operate the RedLine infostealer malware used to steal sensitive data, including login credentials, from victims’ computers.

Minasyan is charged with conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act, and conspiracy to commit money laundering. If convicted, he faces up to 10 years in prison on the access device fraud count and up to 20 years on each of the other charges.

According to the indictment, the suspect allegedly registered two virtual private servers to host parts of RedLine’s infrastructure and two internet domains to support the scheme. Authorities believe he created repositories on a file-sharing site to distribute the malware to affiliates and registered a cryptocurrency account in November 2021 to receive payments.

“The conspirators maintained digital infrastructure, including C2 servers and administrative panels to enable the deployment of the malware by affiliates, and collected payments from RedLine affiliates, allowing the affiliates to use the infostealer against victims,” prosecutors said.

In October 2024, the Justice Department joined authorities in the Netherlands, Belgium, and Eurojust in an international operation targeting the RedLine infostealer.

Officials also launched a public website with resources for victims and unsealed charges against co-conspirator Maxim Rudometov, identified as a developer and administrator of the malware.