Authorities have seized 39 websites allegedly used to sell hacking tools and fraud-enabling software.
The crackdown targeted a Pakistan-based network of online marketplaces operated by a group known as Saim Raza (aka HeartSender), which allegedly facilitated cyberattacks on individuals and businesses worldwide.
The announcement was made by U.S. Attorney Nicholas J. Ganjei, Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division, and Special Agent in Charge Douglas Williams of the FBI.
The operation, conducted on January 29, was a collaborative effort involving the FBI and the Dutch National Police.
The seized websites have been replaced with a seizure notification that displays the logos of the Department of Justice (DOJ) and the FBI, informing visitors that the domains are now under federal custody.
Hacking Tools for Sale Since 2020
According to an affidavit supporting the seizures, Saim Raza used these websites since at least 2020 to sell phishing toolkits, scam pages, and other digital tools designed to facilitate fraud.
These tools were marketed primarily to transnational organized crime groups, who used them to launch various schemes and scams.
The cybercriminals’ activities reportedly caused over $3 million in losses to victims in the United States alone.
“These scams not only target businesses but individuals as well, causing significant hardship to the victims,” said U.S. Attorney Ganjei.
“The ease with which these malicious hacking tools were sold online for a fee made it possible for criminals abroad to harm people globally. Today, however, we have disrupted their operations and delivered a major blow to their ability to continue spreading harm.”
The seized websites not only offered hacking tools for sale but also provided tutorials to assist buyers in using them.
These included links to instructional YouTube videos teaching cybercriminals how to execute phishing schemes using the purchased tools.
Marketed as “fully undetectable” by anti-spam software, these tools provided even low-skilled criminals with the ability to carry out sophisticated cyberattacks.
Fraudulent Schemes and Victim Losses
The primary use of these tools was to facilitate business email compromise (BEC) schemes.
Criminals used these schemes to impersonate executives or vendors and trick companies into transferring funds into accounts controlled by the perpetrators.
The tools also enabled criminals to steal login credentials and escalate fraud operations, leading to significant financial losses.
The seizure of these domains aims to disrupt the ongoing activities of these cybercriminal groups and prevent the further proliferation of these tools.
The FBI’s Houston Field Office spearheaded the investigation, with invaluable cooperation from Dutch authorities.
Assistant U.S. Attorney Rodolfo Ramirez and Trial Attorney Gaelin Bernstein of the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case.
“While the perpetrators may have operated from abroad, their reach was global, and we will continue our efforts to ensure they face justice,” said Supervisory Official Bacon.
The coordinated takedown highlights the growing international collaboration required to combat cybercrime and the global efforts to protect individuals and organizations from sophisticated hacking networks.
Collect Threat Intelligence with TI Lookup to improve your company’s security - Get 50 Free Request
