The FBI and Dutch police dismantle the phishing group The Manipulaters

On January 29, 2025, the FBI and Dutch police announced the dismantling of The Manipulaters, a cybercriminal group specializing in phishing. Based in Pakistan, this organization, also known as “Saim Raza,” marketed a wide range of malware, including Heartsender, Fudpage, and Fudtools.

“The websites operated by Saim Raza functioned as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages, and email extractors, often used to develop and sustain fraud operations,” stated the U.S. Department of Justice.

The police operation led to the seizure of 39 servers and domain names, containing millions of records on victims from around the world. Active for at least a decade, The Manipulaters gained notoriety through its presence on cybercriminal forums and social media, as well as its complete disregard for privacy.

Several members of the group founded a company named WeCodeSolutions, which served as a front for their illicit activities. This company regularly posted photos on social media, openly revealing the cybercriminals’ identities—even when they were boasting about the effectiveness of their malware.

A 2024 investigation by DomainTools.com revealed that this carelessness extended to The Manipulaters’ customers. The hosted version of Heartsender exposed numerous details about those who had purchased the malware.

The cybercriminal group also suffered multiple breaches of its client databases, which were poorly secured and later sold online. “Ironically, in the short term, The Manipulaters posed a greater risk to its own customers than to law enforcement,” DomainTools wrote at the time.