
Microsoft DCU uses UK courts to hunt down cyber criminals

Microsoft has taken down the RedVDS cyber crime-as-a-service network after obtaining a UK court order, marking its first civil legal action outside of the US

In its first ever major legal action outside the United States, Microsoft’s Digital Crimes Unit (DCU) has disrupted cyber crime-as-a-service network RedVDS – whose subscribers have cheated their victims out of millions of pounds – after obtaining separate court orders in the UK and Florida.

The DCU turned to the British legal system because the malicious infrastructure used to run RedVDS was hosted by a UK-based provider. A great number of victims of RedVDS users, well over 7,500, are also located in the UK, it said.

“Cyber crime today is powered by shared infrastructure, which means disrupting individual attackers is not enough. Through this coordinated action, Microsoft has disrupted RedVDS’s operations, including seizing two domains that host the RedVDS marketplace and customer portal, while also laying the groundwork to identify the individuals behind them,” said Microsoft DCU assistant general counsel, Stephen Masada.

The takedown operation drew in Europol’s European Cybercrime Centre (EC3), with further support provided by the German authorities through the Central Office for Combating Internet Crime (ZIT) at the Public Prosecutor’s Office in the city of Frankfurt-am-Main, and the Criminal Police Office for the state of Brandenburg.

At the time of writing, the RedVDS website states that its domain has been seized by Microsoft.

Industrialised fraud

The RedVDS cyber criminal service charged as little as $24 (£18) per month to provide digital fraudsters with access to disposable virtual computers used to scale fraud operations cheaply and securely.

The DCU believes RedVDS users have compromised more than 191,000 organisations worldwide since September 2025 and netted over $40m in the US alone, with prominent victims including Alabama-based H2-Pharma, a supplier of allergy, cancer and mental health medications, which lost $7.3m; and Florida-based Gatehouse Dock Condominium Association, which was tricked out of $500,000 it had set aside for repairs to its members’ homes.

The service was used for a wide range of cyber criminal activity, including running phishing campaigns, hosting malicious infrastructure and facilitating fraud. It was often used alongside generative AI (GenAI) tools to help identify more targets more quickly, generate more convincing lures, and in some cases to manipulate video footage or clone voices.

However, where RedVDS appeared to excel was in supporting business email compromise (BEC), where cyber criminals impersonate trusted individuals to trick victims into sending payments to accounts the criminals control.

In particular, its users targeted the real estate sector, compromising the accounts of estate agents, escrow agents or title companies. The DCU believes that as many as 9,000 customers in the real estate industry, most in Australia and Canada, were affected by this activity to some degree.

Masada said the DCU’s latest action built on ongoing efforts to disrupt fraud and scam infrastructure via both legal and technical actions, and through global collaboration.

“It marks the 35th civil action targeting cyber crime infrastructure by Microsoft’s Digital Crimes Unit, underscoring a sustained strategy to go beyond individual takedowns and dismantle the services that criminals rely on to operate and scale,” he said.

“As services like RedVDS continue to emerge, Microsoft will keep working with partners across sectors and borders to identify and disrupt the infrastructure behind cyber-enabled fraud, making it harder for criminals to profit and easier for people and organisations to stay safe online.”
