A joint effort by authorities of the United States and the Netherlands has led to the seizure of 39 domains and their associated servers used by a Pakistan-based cybercrime network comprising online marketplaces selling hacking and fraud-enabling tools.
The marketplaces, according to the affidavit submitted in relation to the seizures, were operated by a group known as Saim Raza, alias "HeartSender", which has used crime-related websites since at least 2020 "to sell phishing toolkits and other fraud-enabling tools to transnational organised crime groups", read a press release issued by the US Department of Justice on Friday.
These groups, the DOJ adds, used these tools to target numerous victims in the US, resulting in over $3 million in victim losses.
With the Federal Bureau of Investigation (FBI) Field Office probing the case, it has come to light that the Saim Raza-run websites "operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages, and email extractors, often used to build and maintain fraud operations".
"Not only did Saim Raza make these tools widely available on the open internet, it also trained end users on how to use the tools against victims by linking to instructional YouTube videos on how to execute schemes using these malicious programmes, making them accessible to criminal actors that lacked this technical criminal expertise," said the DOJ, adding that the group also advertised its tools being completely undetectable by anti-spam software.
Furthermore, transnational organised crime groups and other cybercrime actors who bought these hacking and fraud-enabling tools primarily used them in business email compromise schemes, in which victim companies were duped into making payments to a third party.
These payments, however, were instead redirected to a financial account the perpetrators controlled, resulting in significant losses. Moreover, these tools were used to acquire victim user credentials which were then further used in these fraudulent schemes.
"The seizure of these domains is intended to disrupt the ongoing activity of these groups and stop the proliferation of these tools within the cybercriminal community," remarked the DOJ statement.
The crackdown follows another operation by the FBI and a host of law enforcement agencies who seized a series of cybercrime-related websites on Wednesday.
The websites' seizure, carried out as part of "Operation Talent", according to the seizure notice, includes websites and information on customers and victims.
A spokesperson for Europol told Reuters in an email on Wednesday that an operation coordinated by Europol was underway and that more information would be released later.
The operation targeted websites associated with Cracked, Nulled, StarkRDP, Sellix and MySellix, according to tech news website Bleeping Computer and VX-Underground, an online repository for malware research and discussion.
The sites each played various roles in the cybercrime ecosystem or were abused by cybercriminals to facilitate access to stolen login credentials, stolen and pirated software and video game cheats, and stolen credit card information, according to Bleeping Computer.
— With additional input from Reuters