F3T · Follow The Threat

Ingested Bundle · BCG Investigation

Consolidated forensic bundle ingested from F3T_Consolidated.rar. Generated 5/26/2026, 3:26:14 PM · Framework F3T (Follow The Threat).

TLP:RED

Bundle Ingested

Files Cataloged

7,889

Total Size (GB)

1.37

IOCs Extracted

5,939

Actors Profiled

ATT&CK Techniques

STIX Objects

2,152

Muhammad Imran Haroon

Finance Controller / CEO (self-appointed)

CRITICAL

BCG Insider Threat Group

Financial Fraud

Payroll Manipulation

Wise Fund Routing

PayPal Control

Document Forgery

✉ finance@backcheckgroup.com

✉ imran@backcheckgroup.com

☎ +923002314764

# 42301-0849077-7

# 91509-0143193-5

Seen 2018 → 2026 · active

Muhammad Yousuf Khan

Deputy Manager HR & Admin / Cash Channel

HIGH

BCG Insider Threat Group

Cash Payment Network

Evidence Delay

PC Dispatch Manipulation

NADRA Lookup Abuse

✉ yousuf@backcheckgroup.com

☎ +923442508055

Seen 2018 → 2026 · active

Vikash Harjeewan

IT Administrator / Credential Sharer

HIGH

BCG Insider Threat Group

Password Sharing

GSuite Admin Credential Exposure

Infrastructure Handover to Horizon Tech

✉ vikash@backcheckgroup.com

Seen 2018 → 2026 · active

Hassan Jamal

Director Operations

MEDIUM

BCG Insider Threat Group

Operational Cover

DD Deletion Facilitation

✉ hassan@backcheckgroup.com

Seen 2018 → 2026 · active

Muhammad Zubair

Sales / Finance Facilitator

MEDIUM

BCG Insider Threat Group

Financial Facilitation

Client Data Access

✉ zubair@backcheckgroup.com

Seen 2018 → 2026 · active

Dilawar

Finance

MEDIUM

BCG Insider Threat Group

Financial Facilitation

Seen 2018 → 2026 · active

Asad Mahmood

Principal — Network Infrastructure Exploitation

CRITICAL

Horizon Tech Infrastructure Exploitation Group

Exchange Migration Facilitation

Domain Control

AWS Common Crawl Data Extraction

OpenCTI Admin Access

✉ asad@backcheckgroup.com

Seen 2018 → 2026 · active

Rasheed Ahmed

IT Administrator — Horizon Tech Insider

CRITICAL

Horizon Tech Infrastructure Exploitation Group

PST File Retrieval

Exchange Migration

bcgfinance@ Alias Creation

PC Preparation with Backdoor Access

✉ rasheed.ahmed@backcheckgroup.com

Seen 2018 → 2026 · active

Nasir Jatoi

IT Executive — OpenCTI/Aleph Systems Admin

CRITICAL

Horizon Tech Infrastructure Exploitation Group

OpenCTI Administration

Aleph (OCCRP) Setup

Server Migration

Docker Container Management

✉ nasir@backcheckgroup.com

✉ itsupport@backcheckgroup.com

Seen 2018 → 2026 · active

Ali

IT Services — Original Vendor Turned Rogue

HIGH

Horizon Tech Infrastructure Exploitation Group

Initial Infrastructure Access

Vendor Relationship Exploitation

Seen 2018 → 2026 · active

Fahim

Network Breach Operations

HIGH

Horizon Tech Infrastructure Exploitation Group

Network Breach

Data Exfiltration

Seen 2018 → 2026 · active