Law Enforcement disrupts Major Spam Delivery Service

“The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages and email extractors often used to build and maintain fraud operations,” the DOJ explained.[1] The core product the criminals sell is “Heartsender”, a spam delivery service whose homepage openly advertised phishing kits targeting users of various Internet companies, including Microsoft 365, Yahoo, AOL, Intuit, iCloud and ID.me, to name a few. The Dutch authorities said 39 servers and domains abroad were seized, and that the servers contained millions of records from victims worldwide — including at least 100,000 records pertaining to Dutch citizens.[2] The US government says transnational organized crime groups that purchased these services primarily used them to run business email compromise (BEC) schemes, wherein the cybercrime actors tricked victim companies into making payments to accounts under the control of the criminals.

Assessment

Cybercrime is becoming increasingly global. Cybercriminals from different parts of the globe can buy, sell or trade tools, techniques and services between each other. As Truesec has reported previously, the BEC criminals that use these products often operate out of Western Africa.[3] Truesec has also observed a rise in BEC type of cybercrime against the Nordics in 2024. Buying ready phishing kits from groups like Saim Raza considerably lowers the bar for novice cybercriminals to become successful.

References

[1] https://www.justice.gov/usao-sdtx/pr/cybercrime-websites-selling-hacking-tools-transnational-organized-crime-groups-seized
[2] https://www.politie.nl/nieuws/2025/januari/27/09-verstoringsactie-deelt-klap-uit-aan-crimineel-cybernetwerk-heartsender.html
[3] https://soc.truesec.app/5f5c9acc-8492-42cf-98c4-b3b56f704ab6/threat-insights/TS-ThreatInsight-2024-72