Department of Justice partners with Dutch police to break up HeartSender network

Authorities in the United States and the Netherlands have dismantled a sophisticated Pakistan-based cybercrime network known as Saim Raza. 

The operation, dubbed “Operation Heart Blocker,” culminated Wednesday with the coordinated seizure of 39 domains and servers. Also known as HeartSender, Saim Raza was responsible for developing and selling phishing kits, with the Department of Justice claiming the software resulted in over $3 million in victim losses.

HeartSender’s network operated through a vast array of criminal web shops, advertising its malicious tools across platforms like YouTube. The group specialized in selling an arsenal of tools — including phishing kits, cookie grabbers, and other tools to power spam campaigns — that enabled users to send vast amounts of phishing emails, steal login credentials, and access hacked infrastructure. This global operation attracted thousands of customers seeking to exploit digital vulnerabilities, offering access to services like cPanels, SMTP servers, and WordPress accounts.

The investigation uncovered datasets containing millions of victim records, including approximately 100,000 sets of Dutch credentials.

Aside from police, the group has been on the radar of cybersecurity researchers for the past decade. A story from independent journalist Brian Krebs detailed the group’s sloppy operations, including malware infections within their own network and security lapses in their HeartSender services, which reveal customer data and operations to unauthenticated users.

The takedown comes shortly after the FBI was also involved in an international operation that seized digital marketplaces known for stolen credentials and hacking tools.