The Justice Department has shut down a Pakistan-based network that had been openly selling hacking and other cyber fraud tools online. The group, known as Saim Raza or HeartSender, had been in operation since at least 2020, controlling 39 domains and their associated servers, and was responsible for at least $3 million in victim losses in the U.S. alone.
The Saim Raza-run websites advertised and facilitated the sale of phishing kits, scam pages, and email extractors to malicious actors worldwide. According to cybersecurity journalist Brian Krebs, the HeartSender homepage openly promoted a series of tools designed to target users of specific internet providers, including Yahoo, Intuit, and iCloud. The group also provided training for end users, linking to instructional YouTube videos on how to use the tools.
Saim Raza’s customers primarily used these hacking tools to carry out business email compromise schemes, tricking companies into transferring funds to hacker-controlled accounts. The group advertised its tools as fully undetectable by anti-spam software.
Phishing Is Big Business
The bust, conducted jointly by the FBI’s Houston field office and the Dutch National Police, highlights how the international hacking trade has become a major business. Saim Raza was a sizable entity in its own right, developing its own FudCo-branded phishing services, managed in secret by a front company called We Code Solutions. However, Saim Raza was merely a middleman, selling tools to transnational organized crime groups, nation-state threat actors, and other cybercriminals.
Phishing attacks continue to increase as these tools become more accessible. The 2024 Phishing Intelligence Report from SlashNext stated that the number of phishing emails tripled in H2 2024.
Businesses targeted by these attacks must pay closer attention to the dark web, where such illegal activities are planned and marketed.
A report from Javelin Strategy & Research, “New Stakes for Cyber-Resiliency in the Era of Cyberwarfare,” reported that financial services providers that invested in dark web intelligence have found it to be an effective deterrent.
“While most FIs and even vendors have been reluctant to invest in dark web threat intel, businesses that have made the leap to make these investments have reaped the cyber benefits,” said Tracy (Kitten) Goldberg, Director of Fraud and Security at Javelin Strategy & Research.