Case Explained: Microsoft Uses UK Courts to Dismantle ‘RedVDS’ Cyber Crime Network – Legal Perspective

In a major step against global cyber crime, Microsoft Digital Crimes Unit (DCU) has dismantled ‘RedVDS’, a cyber crime-as-a-service network, after securing court orders in the United Kingdom. The move marks Microsoft’s first significant civil legal action outside the United States.

Microsoft said it turned to the UK legal system because RedVDS’s core digital infrastructure was being operated through a UK-based hosting provider. According to the company, more than 7,500 victims linked to the network were located in the UK alone.

Certified Cyber Crime Investigator Course Launched by Centre for Police Technology

Domains seized, network shut down

As part of the operation, DCU seized two key domains that were being used to run the RedVDS marketplace and customer portal. The RedVDS website currently displays a notice stating that its domain has been seized by Microsoft.

The company said the action goes beyond simply taking websites offline. By disrupting the infrastructure, the legal move is intended to help identify the individuals operating the network and prevent the platform from being reused for further criminal activity.

Support from Europol and Germany

The international operation involved close cooperation with Europol, including its European Cybercrime Centre (EC3). German authorities also provided assistance, with support from the Central Office for Combating Internet Crime in Frankfurt and the Criminal Police Office of the state of Brandenburg.

Microsoft said such cross-border coordination is increasingly critical, as organised cyber crime networks operate across multiple jurisdictions and rely on shared infrastructure.

How the RedVDS network worked

RedVDS functioned as an organised cyber crime service, offering criminals access to disposable virtual computers for as little as $24 (around ₹2,000) per month. These virtual systems were used to carry out large-scale online fraud, phishing campaigns and other financial crimes while helping attackers conceal their real locations.

According to DCU estimates, RedVDS-linked criminals have targeted more than 191,000 organisations worldwide since September 2025. In the United States alone, losses attributed to the network are estimated to exceed $40 million.

Use of AI and business email compromise

Investigations found that RedVDS was used to support phishing operations, host malicious infrastructure and facilitate various forms of financial fraud. In several cases, users combined the service with generative AI tools to identify targets more quickly, craft more convincing messages and, in some instances, manipulate video footage or clone voices.

The network was particularly effective in enabling business email compromise (BEC) attacks. In these schemes, criminals impersonate trusted individuals or organisations to trick victims into transferring money to accounts they control. The real estate sector was among the most heavily targeted, with estate agents, escrow firms and title companies affected. Thousands of customers, especially in Australia and Canada, were impacted by such activity.

Part of a broader strategy

Microsoft said the RedVDS takedown represents its 35th civil action aimed at dismantling cyber crime infrastructure. The company noted that modern cyber crime is powered by shared services and platforms, making it essential to target the tools that allow criminals to operate and scale their activities.

The company added that focusing solely on individual attackers is no longer sufficient, and sustained legal and technical action is required to weaken the broader cyber crime ecosystem.

Growing threat, tougher response

Cyber security experts say the rise of crime-as-a-service models has industrialised cyber crime, lowering costs for attackers and enabling large-scale fraud operations. Against this backdrop, legal action by technology companies, alongside technical disruption, is increasingly seen as a critical deterrent.

Microsoft said it will continue working with global partners to identify and dismantle similar networks, with the aim of making cyber crime less profitable for criminals and improving online safety for individuals and organisations worldwide.

About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.