Law enforcement agencies from the U.S. and Netherlands have successfully dismantled a significant cybercrime operation, taking down 39 domains and their servers in an operation dubbed “Heart Blocker” on January 29, 2025.

The network, operated by a Pakistan-based group known as Saim Raza (aka HeartSender), had been selling phishing toolkits and fraud-enabling tools since 2020. These tools were utilized by criminal organizations in business email compromise (BEC) schemes, resulting in over $3 million in losses to U.S. victims.

According to the U.S. Department of Justice, the marketplaces not only sold malicious tools but also provided instructional content through YouTube videos, making cybercrime accessible to less technically skilled criminals. The platforms offered various products including phishing kits, scam pages, and email extractors, enabling credential theft and large-scale fraud operations.

Dutch police confirmed that the service had thousands of customers before its shutdown. They have established a verification system at “www.politie.nl/checkjehack” where users can check if their credentials were compromised.

The group, also known as The Manipulaters, was first exposed by Brian Krebs in 2015. DomainTools’ research revealed the organization’s presence across multiple Pakistani cities, including Lahore, Fatehpur, Karachi, and Faisalabad. Despite lacking technical sophistication, they were pioneers in establishing integrated phishing-focused cybercrime marketplaces.

This operation follows recent law enforcement actions against other criminal marketplaces including Cracked, Nulled, Sellix, and StarkRDP in Operation Talent.