U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

Feb 01, 2025Ravie LakshmananCybercrime / Fraud Prevention

In an effort to dismantle a network of online marketplaces originating from Pakistan, U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers.

The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker.

The large number of websites in question were selling hacking software and fraud-enabling tools, and they were run by a group known as Saim Raza, which is also known as HeartSender.

Transnational organized crime groups then used these offerings to target a number of American victims as part of various business email compromise (BEC) schemes, resulting in losses totaling more than $3 million.

"The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages, and email extractors, often used to build and maintain fraud operations," the U.S. Department of Justice (DoJ) said.

Saim Raza made these tools widely available online, and it also trained end users on how to use them against victims by linking to instructional YouTube videos on how to run these malicious programs, making them accessible to criminal actors that lacked this technical background.

The DoJ added that the tools featured on the marketplaces made it possible to obtain target user credentials, which were then used to further the fraudulent schemes.

Dutch police said, in a coordinated statement, that the group sold a number of programs to facilitate online fraud, which could be used by cybercriminals to send phishing emails at a higher rate or to steal login credentials. Before it was shut down, the service is thought to have had a large number of customers.

Users may check if they are one of the victims of token fraud by visiting the URL "www.politie[.]nl/checkjehack" and entering their email address.

Independent security journalist Brian Krebs initially identified the hacking entity in May 2015, and a report from DomainTools last year revealed operational security flaws suggesting that some systems linked to the threat actors had been compromised by stealer malware.

"One of the earliest phishing-focused crime markets to diagonally integrate their business unit while also spreading their activities across several separately branded stores is their most notable characteristic," the firm said, "despite lacking the technical sophistication that many other large crime vendors have.

"Evidence suggests that members of The Manipulaters have joined, and at least one of the group's earlier people has left. They appear to have a physical presence in Pakistan, including Lahore, Fatehpur, Karachi, and Faisalabad."

The development comes after Cracked, Nulled, Sellix, and StarkRDP were taken down as part of a coordinated law enforcement operation dubbed Talent toward the end of January 2025.
