
DoJ Seizes Domains Associated With Saim Raza Cybercrime Operation

The department seized 39 domains used to sell cybercrime tools

The Department of Justice has seized 39 domains and a slew of servers allegedly associated with the Saim Raza hacking and fraud operation as part of an international effort to disrupt the long-running business. 

Saim Raza, also known as HeartSender and a few other names, is a nebulous cybercrime persona that researchers have been tracking for many years. The takedown was conducted in conjunction with the Dutch National Police and is the result of a long-term investigation.

Why It Matters: Cybercrime is bad. Taking down cybercrime operations is good. This operation disrupted a long-running fraud and phishing enablement enterprise that has operated for many years across a variety of countries. The group ran sites that offered a range of services and tools, including phishing kits and other implements useful for the aspiring cybercriminal. 

“The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages and email extractors often used to build and maintain fraud operations. Not only did Saim Raza make these tools widely available on the open internet, it also trained end users on how to use the tools against victims by linking to instructional YouTube videos on how to execute schemes using these malicious programs, making them accessible to criminal actors that lacked this technical criminal expertise. The group also advertised its tools as ‘fully undetectable’ by antispam software,” the DoJ said.

Key Details

  • The DoJ seized 39 individual domains and also took control of an unspecified number of servers associated with the operation.

  • The DoJ alleges that the Saim Raza persona has been using these sites since at least 2020 to sell phishing kits and other tools to organized crime groups around the world.

  • The department alleges that the activities of those organized crime groups have resulted in more than $3 million in losses.

“The transnational organized crime groups and other cybercrime actors who purchased these tools primarily used them to facilitate business email compromise schemes wherein the cybercrime actors tricked victim companies into making payments to a third party. Those payments would instead be redirected to a financial account the perpetrators controlled, resulting in significant losses to victims,” the DoJ said. 

This operation follows a separate initiative by Europol this week in which the agency took down two major cybercrime forums, Cracked and Nulled, and arrested two suspects as well.