U.S. and Dutch law enforcement agencies have announced the dismantling of 39 domains and associated servers to disrupt a network of online marketplaces originating from Pakistan. The operation, codenamed Operation Heart Blocker, took place on January 29, 2025.
The sites offered phishing toolkits and fraud-enabling tools and were run by a group known as Saim Raza, also known as HeartSender, since at least 2020.
The tools sold on these sites were used by transnational organized crime groups in the United States for various business email compromise (BEC) schemes, resulting in losses exceeding $3 million.
The U.S. Department of Justice stated, “The Saim Raza-run websites acted as marketplaces for tools like phishing kits, scam pages, and email extractors, which were used to perpetrate fraud schemes.”
In a coordinated effort, Dutch police reported that the criminal group sold programs aiding digital fraud, with thousands of customers before the shutdown.
Victims of credential theft can check if they are affected by visiting “www.politie[.]nl/checkjehack” and entering their email addresses.
The Manipulaters, also known as The Manipulaters, were first exposed in 2015 and have since evolved their operations.
The Manipulaters’ lack of technical sophistication is offset by their early adoption of phishing-focused strategies and horizontal integration in cybercrime markets.
The group is believed to have a physical presence in Pakistan and has faced operational security challenges.
The recent crackdown on criminal marketplaces like Cracked and Nulled is part of a broader law enforcement effort to combat cybercrime.
