US and Dutch Authorities Disrupt Pakistani Hacking Network

On January 31, 2025, US and Dutch authorities announced the disruption of a Pakistani-based network of illicit online marketplaces led by hacker Saim Raza. As part of Operation Heart Blocker, authorities seized 39 domains and their associated servers.

For approximately five years, Raza operated websites that sold hacking tools, including phishing toolkits, scam pages, email extractors, and cookie grabbers. These tools were marketed to transnational organized crime groups and resulted in over $3 million in losses for victims in the US.

The US Department of Justice reported that Raza made these fraud-enabling tools widely available on the open internet, providing instructions and training to cybercriminals with limited technical skills. The tools were advertised as undetectable by antispam solutions and were primarily used in business email compromise schemes, convincing victims to transfer funds to accounts controlled by the attackers.

Additionally, the illicit marketplaces allowed users to purchase hacked infrastructure, such as web servers and SMTP servers. Authorities identified several buyers of these tools, including individuals in the Netherlands.

Following the seizure, millions of compromised data records were found in Raza’s datasets. The Dutch police have launched a website for individuals to check if their email credentials have been compromised. Those notified are advised to change their passwords immediately and remain vigilant against phishing attempts, as compromised email addresses may also be used to target the victims’ contacts.

This operation underscores ongoing efforts by law enforcement to combat cybercrime and protect individuals from online fraud.