The US Justice Department, in coordination with the Dutch National Police, has seized 39 domains and associated servers linked to a Pakistan-based cybercrime network operated by a group known as Saim Raza, also referred to as HeartSender.
The network facilitated the sale of hacking and fraud-enabling tools used by transnational organized crime groups, causing over $3 million in victim losses in the United States.
According to an affidavit supporting the seizures, Saim Raza had been operating these cybercrime websites since at least 2020, offering phishing toolkits and fraud-enabling software. These websites functioned as marketplaces for selling phishing kits, scam pages, and email extractors, which were used to conduct online fraud.
The US Justice Department said that the group not only made these tools widely available but also provided instructional YouTube videos to train users on executing fraudulent schemes. The tools were marketed as “fully undetectable” by anti-spam software.
The tools sold through these platforms were primarily used in business email compromise schemes, where cybercriminals tricked companies into making payments that were redirected to accounts controlled by the perpetrators. These tools also enabled cybercriminals to steal user credentials and further expand fraudulent operations.
US authorities stated that the seizure of these domains is aimed at disrupting ongoing criminal activities and preventing the spread of these tools within the cybercriminal community.
The FBI Houston Field Office is leading the investigation, with support from Dutch law enforcement.
