SecurityWeek

US, Dutch Authorities Disrupt Pakistani Hacking Shop Network

US and Dutch authorities seized 39 domains to disrupt a network of hacking and fraud marketplaces operated by Saim Raza.

Authorities in the US and the Netherlands on Thursday announced the disruption of a Pakistan-based network of illicit online marketplaces selling hacking and fraud-enabling tools.

As part of the law enforcement action, named Operation Heart Blocker, 39 domains and their associated servers were seized. For roughly five years, these websites had been operated by a threat actor known as Saim Raza and HeartSender, and advertised as facilitating fraud.

Since 2020, Saim Raza has been selling phishing toolkits, scam pages, email extractors, and cookie grabbers to transnational organized crime groups, who used them to cause more than $3 million in losses to victims in the US.

Saim Raza, the US Department of Justice says, made these fraud-enabling tools available on the open internet and provided miscreants with instructions and training on how to use them, putting them within reach of cybercriminals who lacked technical expertise.

The tools were advertised as being fully undetectable by antispam solutions, and threat actors leveraged them primarily in business email compromise schemes that convinced victims to make payments to bank accounts controlled by the attackers.

Additionally, the tools allowed threat actors to steal user credentials, which were used as part of the fraud schemes.

Thousands of miscreants worldwide bought Saim Raza’s tools to send large volumes of spam and phishing messages and to steal victims’ credentials, the Dutch police said on Thursday.

On the illicit marketplaces, visitors could also buy hacked infrastructure, such as web servers, SMTP servers, and WordPress accounts. Authorities have tracked down “a number of buyers of the tools”, including individuals in the Netherlands.

Millions of data records belonging to individuals worldwide were also found in Saim Raza’s datasets following the seizure, and the Dutch police has set up a website where users can enter their email address to learn if their credentials have been compromised.

Users who receive an email after entering their address, the Dutch police says, should immediately change their login credentials, and should be wary of unsolicited emails that could be phishing attempts. According to law enforcement, the compromised email addresses could also be used to target a victim’s contacts.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
