Cyber Incident Victim: Gatehouse Dock Condominium Association
Date:
Mar 2025
Location:
United States of America
Summary
Gatehouse Dock Condominium Association, a Florida home association, lost over $500,000 in a cyberattack orchestrated through RedVDS, a criminal subscription service that provided cybercriminals with AI-powered tools and virtual infrastructure for phishing and business email compromise scams. RedVDS enabled attackers to conduct highly targeted campaigns, often using generative AI to craft convincing messages and deepfake videos to impersonate individuals, resulting in extensive financial damage, including more than $40 million in losses across the United States and impacting nearly 190,000 organizations globally. Microsoft, alongside legal partners in the US and UK and international law enforcement, seized RedVDS's website and infrastructure in a coordinated takedown, disrupting the service. The association's cooperation with investigators contributed to the action.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The criminal subscription service RedVDS, operated as a cybercrime-as-a-service platform, provided attackers with inexpensive, disposable virtual computers running unlicensed software to conduct phishing and business email compromise (BEC) campaigns. Subscribers paid as little as $24 monthly for access to this infrastructure, which enabled them to operate anonymously and target victims globally. In BEC attacks facilitated by RedVDS, cybercriminals would monitor legitimate communications between a victim and their business partners before impersonating one party to request fraudulent wire transfers. These campaigns were often enhanced with generative AI tools to identify high-value targets and craft convincing phishing emails that mimicked expected correspondence, with some attacks even employing AI-generated deepfake videos or voice clones for impersonation. The Gatehouse Dock Condominium Association, a home association in Florida, was among the organizations targeted by these RedVDS-hosted BEC scams, resulting in a financial loss exceeding $500,000. This loss was part of a broader pattern where RedVDS-supported campaigns caused over $40 million in damages to U.S. victims alone since March 2025, with nearly 190,000 organizations worldwide affected. The attack on Gatehouse Dock exemplified the service’s focus on extracting significant sums through carefully orchestrated deception, leveraging the anonymity and scalability of the rented infrastructure to evade detection during the fraud.
Microsoft, alongside legal partners in the United States and United Kingdom and with support from international law enforcement including Europol, executed a coordinated takedown of RedVDS on January 14, 2026. The action involved seizing the service’s website and underlying infrastructure, effectively disrupting the tools available to its criminal subscribers. Microsoft explicitly acknowledged the cooperation of victims like the Gatehouse Dock Condominium Association and Alabama-based H2-Pharma, which lost over $7.3 million, as instrumental in enabling this disruptive legal action. The company emphasized that reporting cybercrimes, despite any perceived stigma, provides critical evidence that helps dismantle criminal networks and protect future potential targets. While the takedown neutralized the immediate RedVDS platform, the incident underscored the persistent threat of AI-augmented BEC scams, where criminals exploit trusted communication channels to execute large-scale financial fraud against organizations across sectors. The Gatehouse Dock’s experience highlighted the severe monetary consequences for entities that fall prey to such schemes, with losses compounding the operational disruption inherent in these attacks.