Authorities have seized 39 websites allegedly used to sell hacking tools and fraud-enabling software.
The crackdown targeted a Pakistan-based network of online marketplaces operated by a group known as Saim Raza (aka HeartSender), which allegedly facilitated cyberattacks on individuals and businesses worldwide.
The announcement was made by U.S. Attorney Nicholas J. Ganjei, Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division, and Special Agent in Charge Douglas Williams of the FBI.
The operation, conducted on January 29, was a collaborative effort involving the FBI and the Dutch National Police.
The seized websites have been replaced with a seizure notification that displays the logos of the Department of Justice (DOJ) and the FBI, informing visitors that the domains are now under federal custody.
According to an affidavit supporting the seizures, Saim Raza used these websites since at least 2020 to sell phishing toolkits, scam pages, and other digital tools designed to facilitate fraud.
These tools were marketed primarily to transnational organized crime groups, who used them to launch various schemes and scams.
The cybercriminals’ activities reportedly caused over $3 million in losses to victims in the United States alone.
“These scams not only target businesses but individuals as well, causing significant hardship to the victims,” said U.S. Attorney Ganjei.
“The ease with which these malicious hacking tools were sold online for a fee made it possible for criminals abroad to harm people globally. Today, however, we have disrupted their operations and delivered a major blow to their ability to continue spreading harm.”
The seized websites not only offered hacking tools for sale but also provided tutorials to assist buyers in using them.
These included links to instructional YouTube videos teaching cybercriminals how to execute phishing schemes using the purchased tools.
Marketed as “fully undetectable” by anti-spam software, these tools provided even low-skilled criminals with the ability to carry out sophisticated cyberattacks.
The primary use of these tools was to facilitate business email compromise (BEC) schemes.
Criminals used these schemes to impersonate executives or vendors and trick companies into transferring funds into accounts controlled by the perpetrators.
The tools also enabled criminals to steal login credentials and escalate fraud operations, leading to significant financial losses.
The seizure of these domains aims to disrupt the ongoing activities of these cybercriminal groups and prevent the further proliferation of these tools.
The FBI’s Houston Field Office spearheaded the investigation, with invaluable cooperation from Dutch authorities.
Assistant U.S. Attorney Rodolfo Ramirez and Trial Attorney Gaelin Bernstein of the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case.
“While the perpetrators may have operated from abroad, their reach was global, and we will continue our efforts to ensure they face justice,” said Supervisory Official Bacon.
The coordinated takedown highlights the growing international collaboration required to combat cybercrime and the global efforts to protect individuals and organizations from sophisticated hacking networks.
Collect Threat Intelligence with TI Lookup to improve your company’s security - Get 50 Free Request
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…