BreachForums website seized in international operation

The online cybercrime marketplace has been operated by a threat actor known as ShinyHunters since June 2023, the FBI says


In a coordinated international effort, the FBI and law enforcement agencies from several countries have successfully seized the website and Telegram channel of BreachForums, a well-known online marketplace for stolen data and hacking tools.

Agencies from the Five Eyes nations (US, UK, Canada, Australia and New Zealand), as well as Switzerland, Iceland and Ukraine, executed the takedown on Wednesday, just days after BreachForums published stolen Europol data.

Visitors to BreachForums' now-defunct website are greeted with a seizure notice stating, "This website has been taken down by the FBI and DOJ with assistance from international partners."

"We are reviewing the site's backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us," the message states.

The notice provides several avenues for reporting criminal activity related to BreachForums, including a Telegram channel and an email address. The FBI has also set up a dedicated website where victims and others can share evidence.

According to the FBI, BreachForums has been operated by a threat actor known as ShinyHunters since June 2023 and has served as a "clear-net marketplace for cybercriminals to buy, sell and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services."

The takedown marks the latest in a series of law enforcement actions against BreachForums, which has become a central hub for cybercriminal activities despite repeated attempts to shut it down.

In one of its recent high-profile incidents, BreachForums users claimed responsibility for breaching the systems of Piping Rock, a US-based supplement producer, and stealing over 2.1 million email addresses along with detailed information on nearly one million customers.

In another instance, the names and email addresses of about 10,000 Home Depot employees were leaked on the forum.

Last year, the platform's then-admin Conor Brian Fitzpatrick, aka "Pompompurin," was arrested and sentenced after the forum was taken down.

Pompompurin was involved in several high-profile hacks in recent years, including multiple attacks on the FBI. In 2021, he claimed responsibility for breaching the FBI's email systems and sending out hundreds of fake cybersecurity alerts.

He exploited a security vulnerability in an FBI portal designed for data exchange with regional and local law enforcement agencies. The FBI later confirmed that a software misconfiguration had allowed the fraudulent emails to be sent.

Pompompurin was also connected to the 2022 breach of the FBI's InfraGard network, resulting in the sale of 80,000 members' contact information on the dark web.

Following the arrest of Pompompurin in March 2023, BreachForums resurfaced under a new leader, "Baphomet."

While the latest takedown of the BreachForums website disrupts cybercriminal activity, these platforms often find ways to re-emerge.

In February, the LockBit ransomware gang resumed its operations on new infrastructure, less than a week after international law enforcement dismantled its servers and seized cryptocurrency and decryption keys during Operation Cronos.