In 2024, our team found that the web-based version of HeartSender was leaking a significant amount of sensitive data to anyone who accessed it; no login required.
This included customer login details and internal emails from HeartSender staff. Malware infections on the attackers’ own devices revealed extensive account data, along with insights into the group’s structure, operations, and role within the broader cybercrime ecosystem.
Yesterday, Brian Krebs reported that 21 individuals accused of operating Heartsender have been arrested in Pakistan. This milestone was the result of incredible teamwork across borders and organizations, and we're proud to have been part of that global effort.
When we come together, we can give bad actors more bad days.
Find our original analysis and update here: https://www.domaintools.com/resources/blog/the-resurgence-of-the-manipulaters-team-breaking-heartsenders/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Manipulaters
DomainTools /
npub182…ala2v
2025-05-29 13:29:06
Author Public Key
npub182uvw9fpdepyg7zssgjdpsegfh4lj8au4s09v2a0crtxzgj80fwsxala2vSeen on
wss://relay.mostr.pubPublished at
2025-05-29 13:29:06Event JSON
{
"id": "f8c1e4feea731e40250a8be0fddb998f1a0f26fba58c2e2b7552be6480a88df8",
"pubkey": "3ab8c715216e424478508224d0c3284debf91fbcac1e562bafc0d66122477a5d",
"created_at": 1748525346,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/DomainTools/statuses/114591357095844194",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.mostr.pub"
]
],
"content": "In 2024, our team found that the web-based version of HeartSender was leaking a significant amount of sensitive data to anyone who accessed it; no login required. \n\nThis included customer login details and internal emails from HeartSender staff. Malware infections on the attackers’ own devices revealed extensive account data, along with insights into the group’s structure, operations, and role within the broader cybercrime ecosystem. \n\nYesterday, Brian Krebs reported that 21 individuals accused of operating Heartsender have been arrested in Pakistan. This milestone was the result of incredible teamwork across borders and organizations, and we're proud to have been part of that global effort. \n\nWhen we come together, we can give bad actors more bad days.\n\nFind our original analysis and update here: https://www.domaintools.com/resources/blog/the-resurgence-of-the-manipulaters-team-breaking-heartsenders/?utm_source=Mastodon\u0026utm_medium=Social\u0026utm_campaign=Manipulaters",
"sig": "9d14d296f7b7e82138f888e4fb99b0ba03c47113a163f1fd5e6d0bdf4e7b783fe9fcb4e4a1686bbfeaa33768f6796d67caf422534200c21e4f5e4439f81873f5"
}