BreachForums Seized Once Again: What is Next?

The FBI has taken control of BreachForums, notorious for leaking and selling stolen corporate data to cybercriminals. The seizure occurred following the forum’s use to leak data stolen from a Europol law enforcement portal. This event marks another chapter in BreachForums’ turbulent history. But what led to this event, and what can we expect?

From RaidForums to Breached: How Did BreachForums Evolve?

BreachForums gained notoriety in the mainstream media after RaidForums was shut down and Breached took its place. The saga began when a known threat actor, Pompompurin, launched Breached following RaidForums’ closure.

A year later, the Breached Forum became quite popular, leading to Pompompurin’s arrest by US law enforcement on March 15, 2023. However, the closure of Breached did not mark the end. A new team revived the forum as BreachForums, which quickly became the focal point of dark web activities and succeeded where previous forums had failed.

Seizure announcement

How Did ShinyHunters Revive BreachForums?

On June 12, 2023, Breached reemerged as BreachForums under the control of ShinyHunters, a prominent threat group. Despite initial skepticism about its legitimacy, a PGP-signed message from a former administrator, Baphomet, confirmed its return. ShinyHunters, notorious for significant data breaches targeting companies like Tokopedia and Microsoft’s GitHub, continued to attract attention for selling stolen data.

Telegram post about the seizure

What Caused the Site to Be Seized?

On May 15, 2024, the FBI seized BreachForums, which had been leaking and selling stolen corporate data. This seizure came soon after the forum was used to leak data from a Europol law enforcement portal.

The website now displays a message indicating that the FBI has taken control over it and its backend data, suggesting that law enforcement seized the site’s servers and domains. The seizure notice also shows the profile pictures of the site’s administrators overlaid with prison bars.

The FBI is investigating the criminal hacking forums known as BreachForums and RaidForums. For more details, visit ic3.gov.

What are the Rumors and Speculations?

Following the takedown, rumors have circulated that BreachForums was a honeypot and that key members have been arrested. While ShinyHunter, one of the administrators, has stated that Baphomet has been arrested, there is no official confirmation from law enforcement agencies. ShinyHunter claimed that the FBI had seized almost all infrastructure, leaving the forum’s future uncertain.

What Did USDoD Say?

USDoD, another threat actor on the forum, has assured the community that efforts are underway to reopen the forum. They stated, “This is not the end; it is an opportunity for a new beginning.”

USDoD’s message on X further indicated suspicious activities around BreachForums, suggesting they foresaw this outcome. In an interview on DailyDarkWeb, they expressed doubts about BreachForums’ future and mentioned their plans to keep the community informed.

What Did ShinyHunters Announce?

Recently, ShinyHunters confirmed that Baphomet had been arrested, leading to the FBI seizing nearly all of their infrastructure. Despite this, efforts are underway to reestablish the community.

What is the Breach Nation?

Shortly after the BreachForums seizure, USDoD announced plans to establish a new hacker forum. Breach Nation's planned launch date is July 4, 2024, coinciding with Independence Day.

USDoD outlined their plans for the new community, emphasizing a focus on performance and security. They urged the community to join their new forum instead of others led by teams with poor track records.

What Does This Mean for Cybersecurity?

BreachForums was part of a lineage of hacking forums that traded, sold, and leaked stolen data. Despite significant law enforcement actions, the community remains resilient. While BreachForums may be down, history suggests another forum will rise to fill the void.

As cybersecurity professionals, it’s crucial to stay informed about these developments. They highlight the ever-evolving landscape of cyber threats and the ongoing battle between law enforcement and cyber criminals. Each new forum presents a challenge to global cybersecurity efforts.

Originally published on SOCRadar’s blog on May 16, 2024:
https://socradar.io/breachforums-seized-once-again-what-is-next/