Microsoft’s Digital Crimes Unit has dismantled multiple international criminal networks in recent months, marking a significant escalation in the tech giant’s battle against organised cybercrime. These operations, spanning from India to the United Kingdom, reveal both the increasingly sophisticated nature of modern fraud and the growing effectiveness of cross-border law enforcement partnerships.
The $24 Gateway to Global Crime
In January 2026, Microsoft executed its first civil legal action outside the United States, targeting a cybercrime marketplace called RedVDS. The operation, conducted through UK courts with support from German authorities and Europol, shut down a service that had become essential infrastructure for criminals worldwide.
RedVDS operated as a cybercrime-as-a-service platform, offering disposable virtual computers for as little as $24 per month. These systems allowed criminals to send phishing emails, host scam infrastructure, and facilitate fraud schemes while remaining anonymous and operating across borders. The scale was staggering: since September 2025, more than 191,000 organisations had been targeted, resulting in over $40 million in reported fraud losses in the United States alone.
What made RedVDS particularly dangerous was its integration with emerging technology. Criminals paired the service with AI tools that identified high-value targets and generated realistic email threads, while also leveraging face-swapping, video manipulation, and voice cloning to enhance their deception.
Following the Money Across Continents
The Digital Crimes Unit’s strategy has evolved beyond simply taking down websites. According to Kerissa Varma, Microsoft Africa’s chief security advisor, the DCU now focuses on identifying individuals behind operations, tracing developers, distributors, and financial beneficiaries within cybercrime supply chains.
This approach proved effective in May 2025, when Microsoft’s intelligence work led to coordinated raids across India. India’s Central Bureau of Investigation executed operations at 19 locations, dismantling tech support fraud networks that impersonated Microsoft and targeted older adults in Japan. Six operatives were arrested, two illegal call centres were shut down, and critical infrastructure was seized.
The victims’ demographics were telling: approximately 90% of the 200 people affected were over 50 years old. Tech support fraud remains one of the most frequently reported crimes against older Americans, with nearly $590 million in losses reported in 2023 alone.
A Growing Arsenal of Legal and Technical Weapons
Microsoft’s 35th civil action against cybercrime infrastructure demonstrates a sustained, multi-pronged strategy. The company combines civil lawsuits with technical countermeasures, criminal referrals to law enforcement, and strategic public-private partnerships.
In mid-2025, this approach delivered results against Lumma Stealer, a major information-stealing malware. Working with the US Department of Justice, Europol, and Japan’s Cybercrime Control Centre, Microsoft seized or blocked over 2,300 malicious domains, cutting off the malware’s infrastructure and redirecting infected devices away from criminal control.
The Digital Crimes Unit also hosts the Digital Crimes Consortium, an invitation-only forum that brings together law enforcement, cybersecurity practitioners, academics, and industry leaders. The most recent gathering in Athens, Greece, in March 2025, drew participants from 39 countries and 167 organisations.
The Whack-a-Mole Reality
Despite these successes, Varma acknowledges the persistent challenge facing defenders. “When you clamp down on one group, they disappear and pop up elsewhere, it’s like playing whack-a-mole,” she explains. This reality has pushed Microsoft toward embedding security directly into its technology by design, rather than treating it as an afterthought.
The company’s Secure Future Initiative now employs more than 3,600 security engineers working daily to harden Microsoft’s platforms, integrating AI-driven protections like Security Copilot to help organisations detect and respond to threats at machine speed.
As cybercrime syndicates continue expanding across borders, Microsoft’s message is clear: the days of cheap, anonymous criminal infrastructure are numbered. Through aggressive legal action, technical innovation, and unprecedented international cooperation, the Digital Crimes Unit is raising the stakes for cybercriminals worldwide.
