$10M Reward: Hunt for RedLine Malware Creator & State-Sponsored Hackers Intensifies

The U.S. Department of State has announced a reward of up to $10 million for information leading to the identification of hackers working on behalf of foreign governments and connected to the RedLine malware, including its alleged creator, Maksim Rudometov. The reward also extends to intelligence regarding the use of RedLine in cyberattacks targeting critical infrastructure within the United States.

Under the Rewards for Justice program, particular emphasis is placed on information related to cyberattacks conducted under the direction or control of foreign states and in violation of the U.S. Computer Fraud and Abuse Act. Of special interest are individuals involved in cyber operations deploying RedLine—a widely used infostealer designed to exfiltrate user credentials.

The State Department urges anyone with information about Rudometov’s accomplices, their malicious cyber activities, or the deployment of RedLine malware to contact the Rewards for Justice program through its secure Tor-based communication channel.

U.S. authorities believe that Maksim Rudometov served as the developer and administrator of the entire RedLine Infostealer infrastructure. In October 2024, he was formally charged as part of the international operation “Magnus,” a sweeping law enforcement initiative coordinated by U.S. agencies and international partners to dismantle two malware-as-a-service (MaaS) platforms—RedLine and META.

According to the U.S. Department of Justice, Rudometov managed RedLine’s command servers, laundered proceeds through cryptocurrency wallets, and was directly involved in coding and distributing the malware. Investigators have linked him to key distribution channels, including Telegram accounts used to promote and sell malware to end-users. To date, over 1,200 servers used to control RedLine and META botnets have been identified.

The operation also involved the Dutch police and Eurojust. In Belgium, two suspects were arrested, and three servers along with two command-and-control domains were seized. It remains officially unconfirmed whether Rudometov himself has been apprehended. If convicted, he could face up to 35 years in prison on charges including device fraud, conspiracy to commit computer intrusions, and money laundering.