Law enforcement agencies from the United States and The Netherlands have dealt a major blow to a notorious cybercrime operation based in Pakistan. The joint operation resulted in the seizure of dozens of servers and domains linked to a spam and malware distribution service run by a group known as "The Manipulaters."
On January 29, authorities took control of the technical infrastructure behind several cybercrime brands including Heartsender, Fudpage, and Fudtools. The operation targeted 39 servers containing millions of victim records worldwide, with at least 100,000 belonging to Dutch citizens.
The group marketed their tools under various "fud" branded names, standing for "Fully Un-Detectable" - referring to malicious software designed to bypass security measures like antivirus programs. Their main product, Heartsender, openly advertised phishing kits targeting users of major platforms including Microsoft 365, Yahoo, AOL, and iCloud.
According to the U.S. Department of Justice, organized crime groups used these tools primarily for business email compromise (BEC) schemes. These scams involved tricking companies into sending payments to fraudulent accounts controlled by cybercriminals.
The operation revealed that The Manipulaters operated through a web coding company in Lahore called WeCodeSolutions, likely used to legitimize their illegal income. The group showed remarkably little concern for operational security, even posting yearly company party photos featuring cakes decorated with their cybercrime brand "FudCo."
Security researchers found that the group's web services leaked extensive customer information, including authentication credentials and email records. Ironically, The Manipulaters' own computers were infected with password-stealing malware, resulting in their credentials being sold on criminal markets.
Dutch authorities confirmed that investigations into both the service operators and their customers continue. Law enforcement agencies are actively pursuing leads on buyers of these tools, including potential Dutch nationals.
This takedown was part of a broader international operation that also targeted several major cybercrime forums and services. The coordinated effort involved law enforcement agencies from Australia, France, Greece, Italy, Romania, and Spain.