DataBreaches.Net

Operation Heart Blocker: Disruption action deals blow to criminal cyber network HeartSender

Posted on February 1, 2025 by Dissent

During a disruption action on January 29, 2025, HeartSender servers and domains were seized by various police services. HeartSender is the name of a group of phishing software makers. The Cybercrime Team of the East Brabant police unit started an investigation at the end of 2022, after phishing software was found on the computer of a suspect in another investigation. An investigation against this group was already underway in the United States. These parallel investigations in the United States and the Netherlands have led to the action ‘Operation Heart Blocker’.

The action of January 29 is the provisional conclusion of complex investigations by the FBI and the Cybercrime Team of the East Brabant police unit. During the action, 39 servers and domains abroad were seized.

The criminal group behind HeartSender operated very professionally. Through many different criminal web shops, which were advertised on YouTube for example, they sold tools to commit digital fraud. ‘Senders’, ‘scampaigns’ and ‘cookie grabbers’ are examples of the tools that were offered. A cybercriminal can use these tools to send large amounts of spam or phishing e-mails or use them to steal someone’s login details. In addition, cybercriminals could also buy access to hacked infrastructure in these criminal web shops, such as cPanels (control panels of web servers), SMTP servers (servers used to send e-mail messages) and WordPress accounts (system to manage websites). The group behind HeartSender had thousands of customers worldwide.

Buyers

In the investigation, the Cybercrime Team is on the trail of a number of buyers of the tools. Presumably, these buyers also include Dutch nationals. Further investigation is being conducted into these buyers. The investigation into the makers and buyers of this phishing software has not yet been completed with the seizure of the servers and domains.

Dutch victims

The HeartSender datasets contain millions of records from victims worldwide. The datasets also contain approximately 100,000 Dutch records. These are usernames and passwords that may have been misused by cybercriminals. You can check whether your login details appear in the checked dataset from this investigation via www.politie.nl/checkjehack. You can enter your email address there. If your email address appears in the dataset, you will receive an email with tips and information about what you can best do. If you do not hear anything, you were not among the victims of this network with that email address. With the WordPress accounts, we see that people sometimes use a different username instead of their email address. In those cases, you cannot use Check je Hack to check whether your data has been leaked. That is also why it is a good idea to change your passwords regularly, and for these types of systems we definitely advise doing this preventively.

Impact

If your account details are included in the dataset, the impact can be significant. For example, if your username and password for your email account have been leaked, cybercriminals can use this to gain access to your address book. In this way, they can send phishing emails to all your contacts in your name. Your contacts will probably trust the emails because they come from you. In this way, they may also share their own details with criminals via a link in such an email. Criminals can also indicate on web shops that they have lost their password, after which a recovery link is sent to your mailbox. In this way, they can change your password for the web shop. With the stolen cPanel or WordPress accounts, criminals have access to the management system of your website or server, which can then be managed by the criminals.

What do you do if you have become a victim?

Change your passwords as soon as possible and activate two-step login. In addition, always report if you have become a victim of cybercrime! This investigation shows once again that we are able to significantly disrupt the criminal infrastructure of cybercriminals. We are making a big step forward. But we cannot do it alone. Every report contributes to the collection of valuable information that helps track down perpetrators and prevent new victims. This can be done via www.politie.nl or a police station in your area.

Watch on YouTube (Dutch).

Source: Politie.nl

Category: Of Note, Other, Phishing
