US, Dutch Authorities Disrupt Pakistani Hacking Shop Network

US and Dutch authorities seized 39 domains to disrupt a network of hacking and fraud marketplaces operated by Saim Raza.

Authorities in the US and the Netherlands on Thursday announced the disruption of a Pakistan-based network of illicit online marketplaces selling hacking and fraud-enabling tools.

As part of the law enforcement action, named Operation Heart Blocker, 39 domains and their associated servers were seized. For roughly five years, these websites had been operated by a threat actor known as Saim Raza and HeartSender, and advertised as facilitating fraud.

Since 2020, Saim Raza has been selling phishing toolkits, scam pages, email extractors, and cookie grabbers to transnational organized crime groups, who used them to cause more than $3 million in losses to victims in the US.

Saim Raza, the US Department of Justice says, made these fraud-enabling tools available on the open internet and provided miscreants with instructions and training on how to use them, putting the tools within reach of cybercriminals who lacked technical expertise.

The tools were advertised as being fully undetectable by antispam solutions, and threat actors leveraged them primarily in business email compromise schemes that convinced victims to make payments to bank accounts controlled by the attackers.

Additionally, the tools allowed threat actors to steal user credentials, which were used as part of the fraud schemes.

Thousands of miscreants worldwide bought Saim Raza’s tools to send large volumes of spam and phishing messages and to steal victims’ credentials, the Dutch police said on Thursday.

On the illicit marketplaces, visitors could also buy hacked infrastructure, such as web servers, SMTP servers, and WordPress accounts. Authorities have tracked down “a number of buyers of the tools”, including individuals in the Netherlands.

Millions of data records belonging to individuals worldwide were also found in Saim Raza’s datasets following the seizure, and the Dutch police have set up a website where users can enter their email address to learn whether their credentials have been compromised.

Users who receive an email after entering their address, the Dutch police say, should immediately change their login credentials and be wary of unsolicited emails that could be phishing attempts. According to law enforcement, the compromised email addresses could also be used to target a victim’s contacts.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
