Overview
- Microsoft unsealed civil actions in the Southern District of Florida and the U.K., enabling domain seizures that shut down the RedVDS marketplace and customer portal.
- Europol and German authorities participated in the operation, with prosecutors in Frankfurt and Brandenburg state police seizing servers tied to the service.
- Microsoft reports at least $40 million in U.S. losses since March 2025 and more than 191,000 Microsoft email accounts compromised across over 130,000 organizations.
- RedVDS rented disposable Windows virtual machines for about $24 per month using unlicensed images, accelerating phishing and business email compromise, with over 9,000 real estate customers affected in Canada and Australia.
- Named victims H2‑Pharma and Gatehouse Dock Condominium Association joined as co‑plaintiffs as investigators pursue attribution of operators tracked by Microsoft as Storm‑2470.