US and Dutch Authorities Disrupt Pakistani Cybercrime Group Linked to $3bn in Fraud

In a major international operation, US and Dutch authorities have successfully dismantled a Pakistan-based cybercrime network accused of facilitating large-scale fraud by selling sophisticated hacking tools to criminals globally. The US Department of Justice (DOJ) revealed that the network, known as HeartSender, was allegedly led by a figure named Saim Raza, although his whereabouts and further details remain undisclosed.

The HeartSender network, which had been active for over a decade, operated several online marketplaces that sold malware and phishing tools used to perpetrate financial fraud. The DOJ reported that the group’s activities caused financial losses exceeding $3 billion in the US alone.

As part of “Operation Heart Blocker,” law enforcement agencies seized 39 domains and associated servers used by the network. These platforms distributed phishing kits that mimicked the login pages of popular services such as Microsoft 365, Yahoo, iCloud, and AOL. Victims were tricked into entering their login credentials, which were then stolen and sold on underground markets.

US Attorney Nicholas J. Ganjei emphasized the disruptive impact of the operation, stating, “These scams not only target businesses but individuals as well, causing significant hardship to the victims. Today, we have significantly disrupted their ability to harm others.”

One of the primary tools used by HeartSender was an advanced spam delivery system, also named HeartSender, which enabled criminals to send mass phishing emails while bypassing security filters. This system was marketed as “fully undetectable” by anti-spam and security software, making it particularly dangerous. On February 1, search results for the website heartsender.com returned a message stating, “This website has been seized,” alongside a DOJ notice.

The Manipulaters: A Decade-Long Operation

The network, which also operated under various brand names such as Fudtools, Fudpage, and FudCo, specialized in business email compromise (BEC) schemes. These scams involved tricking companies into transferring funds to fraudulent accounts. The stolen credentials were further exploited for additional financial crimes.

The group was known for selling “Fully Un-Detectable” (FUD) tools that enabled cybercriminals to evade detection by cybersecurity tools. These resources included software that allowed hackers to bypass both antivirus and anti-spam defenses, making them an attractive option for criminal enterprises.

Dutch authorities played a significant role in the operation by launching a website where individuals can check if their email credentials were compromised as a result of these phishing activities. They also warned that stolen email addresses could be exploited to target both victims and their contacts.

In a parallel investigation, Spanish authorities arrested two individuals and seized 17 servers and 12 domains related to cybercrime platforms such as Cracked.io, Cracked.to, and Nulled.to. These platforms had hosted millions of ads selling similar hacking tools. The FBI Houston Field Office, with the support of Dutch authorities, led the investigation.

Who is Saim Raza?

Saim Raza, believed to be the mastermind behind “The Manipulaters,” has been involved in cybercrime activities for over a decade. Under various aliases, Raza and his network sold tools that helped hackers avoid detection by traditional cybersecurity defenses. Despite previous claims of reform, Raza allegedly continued his illicit operations, which have now drawn significant legal attention.

In January 2024, Raza reached out to journalist Brian Krebs, requesting the removal of past reports regarding his cybercrime activities. In his message, he claimed to have abandoned his criminal operations and stated that Pakistani authorities had filed a police report against him, allegedly in search of bribes. Although Raza claimed to have left Pakistan, the validity of this statement remains uncertain.

This international action highlights the growing need for cooperation among global law enforcement agencies in tackling cybercrime. The disruption of this Pakistani network is a significant step in combating the widespread distribution of hacking tools and financial fraud.
