RedLine Infostealer Administrator Extradited to US, Faces Up to 20 Years for Running MaaS Infrastructure
Armenian national Hambardzum Minasyan has been extradited to the United States for his alleged role in maintaining RedLine's command-and-control infrastructure, managing affiliate payments, and distributing the infostealer — one of the most prolific credential-stealing operations since 2020.
The US Department of Justice has announced the extradition and first court appearance of Hambardzum Minasyan, an Armenian national accused of serving as an administrator of the RedLine infostealer malware operation. Minasyan appeared in a Texas court on Wednesday facing charges that carry up to 20 years in prison.
According to the indictment, Minasyan played an operational role in maintaining RedLine's infrastructure. He allegedly registered virtual private servers to host command-and-control systems and administration panels used by affiliates, created repositories on a file-sharing platform to distribute the malware, registered internet domains supporting the operation, and set up a cryptocurrency account in November 2021 to receive affiliate payments. He also handled support requests from RedLine's customer base.
Minasyan has been charged with conspiracy to commit access device fraud, conspiracy to commit money laundering, and conspiracy to violate the Computer Fraud and Abuse Act. The access device fraud charge carries up to 10 years, while the remaining counts each carry up to 20 years.
RedLine has been one of the most dominant infostealers in the threat landscape since its emergence in 2020, operating as a malware-as-a-service platform that enables affiliates to steal browser credentials, cryptocurrency wallet data, VPN credentials, and other sensitive information. An international law enforcement takedown in October 2024 had only limited impact on the operation, and RedLine continues to rank among the most frequently observed infostealers in active campaigns.
The extradition follows the US State Department's mid-2025 announcement of a $10 million reward for information on Maxim Alexandrovich Rudometov, believed to be RedLine's primary developer and administrator. Rudometov, born in Ukraine, reportedly fled to Russia in early 2022 and remains at large.
What Defenders Should Do:
RedLine remains an active threat regardless of this arrest. Organizations should continue monitoring for RedLine indicators across endpoint telemetry, particularly credential dumping from browsers, cryptocurrency wallets, and VPN clients. Enforce multi-factor authentication on all accounts where stolen credentials could enable access. Review exposure to known RedLine distribution vectors including phishing emails, cracked software downloads, and malicious advertisements. The arrest of an administrator — not the primary developer — means the malware's development pipeline likely remains intact.