A cybercriminal subscription services responsible for fraud campaigns causing millions of dollars in losses has been disrupted in coordinated action by Microsoft alongside legal partners in the US and, for the first time, the UK.
On Wednesday January 14, Microsoft announced it had seized the website and infrastructure of RedVDS, a platform which hosted cybercrime-as-a-service tools for phishing and fraud campaigns, which cost users as little as $24 a month.
Despite the low cost of entry, the cybercriminal subscription service is known to have cost victims in the US alone over $40 million since March 2025. These include a cyber-attack against Alabama‑based pharmaceutical company H2-Pharma that caused more than $7.3m in losses and Gatehouse Dock Condominium Association, home association in Florida which lost over $500,000 to RedVDS hosted campaigns.
In total, Microsoft has identified nearly 190,000 organizations worldwide which fell victim to RedVDS supported campaigns. The US, Canada and the UK were the most impacted countries.
RedVDS provided cybercriminals with access to cheap, effective and disposable virtual computers running unlicensed software, including Windows, allowing criminals to operate quickly and anonymously against victims around the world.
RedVDS Uses AI to Tailor Phishing and BEC Scams
These servers allowed RedVDS to be used for a range of cybercriminal activity, including sending campaigns ranging from high-volume phishing attacks and highly targeted business email compromise (BEC) scams.
As part of the BEC attacks, cybercriminals are known to have quietly observed ongoing communications between victims and their legitimate business partners, before waiting for the right moment to strike, impersonating that contact to request significant wire transfers.
According to Microsoft, RedVDS services were commonly paired with generative AI tools to help criminals quickly identify potentially high-value targets and generate realistic looking phishing emails and associated attachments to mimic legitimate messages the victim would expect to see.
Microsoft also noted that there were hundreds of examples of attackers exploiting AI deepfake videos and voice cloning to impersonate specific individuals and create even more realistic means of deception.
Victims Urged to Report Cybercrime to Prevent Future Attacks
The coordinated action to take down and disrupt RedVDS saw legal action in US and UK combined with support from international law enforcement, including Europol.
Microsoft also praised RedVDS victims, like H2-Pharma and the Gatehouse Dock Condominium Association, for help in aiding the disruptive action.
“Their cooperation made this action possible and will help protect future victims. Falling victim to a scam should never carry stigma. These attacks are executed by organized, professional criminal groups that intercept and manipulate legitimate communications between trusted parties,” said Microsoft.
Phishing and BEC scams are often sophisticated, but there are actions which can be taken to reduce the chance of falling victim. These include slowing down and questioning the urgency of opening links and requests for payment and verifying payment requests with colleagues.
It’s also recommended that users apply multi-factor authentication to help prevent account takeover and that software is kept up to date with security patches to counter known vulnerabilities.
Finally, Microsoft recommended that in the event of finding out they’ve fallen victim to a cyber-attack or scam, companies should report it: because as has been the case with RedVDS, it can help stop cybercriminals from damaging others.
“Every report helps dismantle networks like RedVDS and brings us closer to stopping cybercrime at scale,” the company said.
