![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
GO, PAKISTAN!
It's always lovely to see these arrests take place in countries where you don't expect them to happen.
This particular ring, who operated the Heartsender malware service, are accused of stealing more than $50mil from U.S. businesses over the last decade and are under investigation in the EU for more theft. Their package was advertised as undetectable to malware/anti-virus systems and used to trick businesses to make money transfers to criminals.
Great malware, lousy opsec (operational security).
The guys apparently thought that Pakistan was totally fine with their running a big cybercrime operation with no consequences. And perhaps they were, I don't know if other countries 'encouraged' Pakistan to get serious about shutting down people like this or what.
This is where it starts getting good...
"Mr. Shahzad ['alleged' head of the group] was named and pictured in a 2021 KrebsOnSecurity story about a series of remarkable operational security mistakes that exposed their identities and Facebook pages showing employees posing for group photos and socializing at work-related outings.
...
Sometime in 2019, The Manipulaters failed to renew their core domain name — manipulaters[.]com — the same one tied to so many of the company’s business operations. That domain was quickly scooped up by Scylla Intel, a cyber intelligence firm that specializes in connecting cybercriminals to their real-life identities. Soon after, Scylla started receiving large amounts of email correspondence intended for the group’s owners."
Like I said, sloppy opsec.
https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/
It's always lovely to see these arrests take place in countries where you don't expect them to happen.
This particular ring, who operated the Heartsender malware service, are accused of stealing more than $50mil from U.S. businesses over the last decade and are under investigation in the EU for more theft. Their package was advertised as undetectable to malware/anti-virus systems and used to trick businesses to make money transfers to criminals.
Great malware, lousy opsec (operational security).
The guys apparently thought that Pakistan was totally fine with their running a big cybercrime operation with no consequences. And perhaps they were, I don't know if other countries 'encouraged' Pakistan to get serious about shutting down people like this or what.
This is where it starts getting good...
"Mr. Shahzad ['alleged' head of the group] was named and pictured in a 2021 KrebsOnSecurity story about a series of remarkable operational security mistakes that exposed their identities and Facebook pages showing employees posing for group photos and socializing at work-related outings.
...
Sometime in 2019, The Manipulaters failed to renew their core domain name — manipulaters[.]com — the same one tied to so many of the company’s business operations. That domain was quickly scooped up by Scylla Intel, a cyber intelligence firm that specializes in connecting cybercriminals to their real-life identities. Soon after, Scylla started receiving large amounts of email correspondence intended for the group’s owners."
Like I said, sloppy opsec.
https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/
