Law enforcement agencies from the United States and the Netherlands have successfully carried out Operation “Heart Blocker,” dismantling a sophisticated cybercriminal network based in Pakistan. The group, known as Saim Raza or HeartSender, specialized in the development and distribution of phishing tools, leading to financial losses exceeding $3 million for victims worldwide.
As part of the operation, authorities seized 39 domains and servers used to facilitate the group’s illicit activities. HeartSender provided a range of malicious services, including phishing kits, cookie-stealing tools, and bulk email spamming infrastructure. These offerings enabled cybercriminals to harvest user credentials and infiltrate compromised digital ecosystems. The network catered to thousands of clients, granting access to website control panels (cPanel), SMTP servers, and hijacked WordPress accounts.
Investigators uncovered vast troves of stolen data, including approximately 100,000 compromised accounts from the Netherlands. According to cybersecurity journalist Brian Krebs, HeartSender’s operations were marred by negligence—its own infrastructure was frequently infected with malware, and critical security flaws exposed customer data and ongoing transactions to external parties.
The takedown occurred shortly after the FBI participated in an international crackdown on underground marketplaces used for trading stolen credentials and hacking tools.
