The name HeartSender Pakistani hacker group has haunted global cybercrime units since 2020. Known for selling phishing kits and running online scam platforms, they caused millions in damages. But in a daring midnight raid in Multan, Pakistani and international agencies nearly captured its mastermind — only to see him vanish in a digital ghost story come to life.
🔎 Who Are the HeartSender Hackers?
The HeartSender Pakistani hacker group, founded and allegedly led by Saim Raza, operated under aliases like The Manipulaters, Dream Color, and Pak Hack. Their websites sold everything a cybercriminal might want — phishing kits, email spoofers, cookie grabbers, and more.
They even offered YouTube tutorials to train criminals on executing cyber fraud while dodging detection. These weren’t amateurs; this was organized cyber warfare.
🚨 The Midnight Raid in Multan – A Real-Life Thriller
The Setup
On the night of May 15-16, 2025, cybercrime agents from Pakistan’s National Cyber Crime Investigation Agency (NCCIA) descended upon a housing society in Multan. Armed with trackers, surveillance tools, and intelligence from the FBI and Dutch police, they were hunting the group’s local leadership.
The target: two neighboring houses, believed to be used as cybercrime hubs.
The Surprise
Using a mobile signal locator tied to the suspected ringleader, officers closed in. Fourteen operatives were arrested inside — but the mastermind? Gone.
Agents were baffled. The signal showed the phone was still inside. As they searched every room and questioned suspects, the locator suddenly went dead — the phone was turned off.
He had vanished.
💣 How the Mastermind Escaped
The ringleader, according to NCCIA director Abdul Ghaffar, had built a secret passage between the houses — a classic move out of a spy novel. When the raid began, he fled through a backdoor escape route, shutting off his device before slipping away.
Authorities later discovered he had rented additional houses behind the main properties under a false name.
🧠 What Did They Find?
From the two raided houses, investigators seized:
- Dozens of laptops, phones, and digital devices
- Several luxury cars
- Sophisticated phishing software
- Access logs to over 780 hacked websites, including the Supreme Court of Pakistan’s site (in 2011)
The group had operated under the fake identity of a shell company called Shifa Garden, using it to mask financial and online fraud.
🌐 Global Trail of Digital Fraud
The Scope of Damage
According to the U.S. Department of Justice, the HeartSender Pakistani hacker group has caused over $3 million in losses through Business Email Compromise (BEC) scams, targeting American and European companies.
The group operated criminal marketplaces, advertising on YouTube, and selling to cybercriminals worldwide — including buyers in the Netherlands.
They sold tools like:
- Scampages (fake login pages)
- Senders (email mass-sending tools)
- Cookie grabbers
These were weaponized to steal credentials, trick businesses into fake payments, and move funds into hacker-controlled accounts.
🧩 Investigations and Court Drama
NCCIA officials presented the 14 captured men in court, securing 7-day physical remand for questioning. A joint 8-member investigation team is now probing financial records, interrogating suspects, and tracing digital footprints.
More than 21 individuals are now under investigation, and 15 names have been placed on the Exit Control List to prevent escape.
More Charges Coming
Cases include:
- Anti-Money Laundering violations
- Cybercrime acts
- Digital fraud
- Identity theft
Officials suggest even U.S. extradition could be requested.
🎯 Saim Raza: Leader or Patsy?
Curiously, some officials hinted Saim Raza may not be the main orchestrator, but rather a digital puppet. Another man, using a friend’s identity, may have been pulling the strings.
Investigators claim the group has operated since at least 2011, with previous arrests in Lahore and Multan. The full network might be deeper than originally thought.
🧠 FAQs About the HeartSender Pakistani Hacker Group
Q: What tools did HeartSender sell?
A: Phishing kits, fake login pages, bulk mailers, cookie grabbers, and fraud training videos.
Q: How many people were arrested?
A: Fourteen suspects in the Multan raid; over 21 now being investigated.
Q: Was the leader caught?
A: No. He escaped through a hidden exit just as the raid began.
Q: Is HeartSender still active?
A: Their websites have been taken down, but remnants of the network may remain operational.
🔐 Conclusion: A Cybercrime Legend in the Making
The HeartSender Pakistani hacker group is more than a cautionary tale — it’s a chilling reminder of how advanced and connected cybercrime has become. While international authorities have shut down much of their infrastructure, the elusive mastermind remains free, making this story far from over.
