The Wayne ([personal profile] thewayne) wrote 2025-05-29 09:40 am

Pakistan arrests 21, shutting down $50,000,000+ cybercrime ring!

GO, PAKISTAN!

It's always lovely to see these arrests take place in countries where you don't expect them to happen.

This particular ring, who operated the Heartsender malware service, are accused of stealing more than $50mil from U.S. businesses over the last decade and are under investigation in the EU for more theft. Their package was advertised as undetectable by anti-malware/anti-virus systems and was used to trick businesses into making money transfers to criminals.

Great malware, lousy opsec (operational security).

The guys apparently thought that Pakistan was totally fine with their running a big cybercrime operation with no consequences. And perhaps they were; I don't know if other countries 'encouraged' Pakistan to get serious about shutting down people like this or what.

This is where it starts getting good...

"Mr. Shahzad ['alleged' head of the group] was named and pictured in a 2021 KrebsOnSecurity story about a series of remarkable operational security mistakes that exposed their identities and Facebook pages showing employees posing for group photos and socializing at work-related outings.

...

Sometime in 2019, The Manipulaters failed to renew their core domain name — manipulaters[.]com — the same one tied to so many of the company’s business operations. That domain was quickly scooped up by Scylla Intel, a cyber intelligence firm that specializes in connecting cybercriminals to their real-life identities. Soon after, Scylla started receiving large amounts of email correspondence intended for the group’s owners."


Like I said, sloppy opsec.

https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/

[personal profile] kaishin108 2025-05-29 06:50 pm (UTC)(link)
Wow! That is good news.

[personal profile] disneydream06 2025-05-29 11:50 pm (UTC)(link)
Thank you Pakistan. :):):)
Hugs, Jon

[personal profile] murakozi 2025-05-30 12:26 pm (UTC)(link)
Maybe it's just the cynical side of me, but I wonder if it happened because someone decided they didn't want to keep paying someone else to look the other way.

[personal profile] silveradept 2025-05-31 07:07 pm (UTC)(link)
Very sloppy opsec, but also the likelihood that these people were arrested and their operations stopped because they weren't making the outlays needed to remain unseen by the people who could have arrested them at any time they chose.

Still, good that there's one less criminal gang roaming about these days.