BreachForums arrest and downtime - latest analysis by ReliaQuest

March 2023 by ReliaQuest

The latest ReliaQuest analysis covers the latest downtime of BreachForums, which follows the arrest of suspected admin 'Pompompurin' last week.

The closure of BreachForums will likely result in English-speaking cybercriminals moving to underground dark web forums such as XSS and Exploit to leak large databases and engage in criminal discussions. While XSS and Exploit are primarily Russian-speaking, these forums have English-speaking sections with a large user base. The threat to enterprises is likely to remain high—threat actors will find other ways to leak data publicly. Other methods that threat actors may explore include leaking data on Telegram and IRC channels. Some threat actors have also used social media like Twitter to advertise data dumps. Therefore, enterprises should remain vigilant of the activity of threat actors on the clear and dark web.

At the time of writing, it is not possible to access BreachForums. It is highly likely, although unconfirmed, that this relates to the arrest of this individual and that the FBI has seized infrastructure affiliated with pompompurin. We still don’t know whether this is a temporary downtime or whether we’re currently witnessing the final takedown of this platform. There are three possible scenarios:

Scenario 1: Momentary Downtime - It is realistically possible that BreachForums’ downtime is momentary and that the platform will be back soon. However, if that were to be the case, forum users would likely be suspicious of any law enforcement infiltration into the platform.

Scenario 2: Permanent Farewell - Another realistically possible scenario is that BreachForums’ downtime will be definitive. The arrest of its founder and main administrator, along with the likely seizure of documents and infrastructure, is likely to give law enforcement the opportunity to close this forum forever. Even if the forum remains operational, it is likely that it may no longer have its users’ trust after its founder’s arrest.

Scenario 3: A New Forum from the Ashes - If BreachForums’ farewell turns out to be permanent, it is highly likely that new and existing English-language cybercriminal platforms will emerge in the short term (one to three months) to take its place.

By way of background, active in the cybercriminal community since at least October 2020, pompompurin was a member of RaidForums, where they earned a significant reputation for consistently sharing high-profile databases, data leaks, and access offerings. In November 2021, pompompurin gained widespread acclaim across the cybercriminal community when they successfully identified a vulnerability in an email server owned by the FBI and used it to send thousands of fake emails about a cybercrime investigation. Pompompurin then reached high prominence when they decided to create and administer BreachForums.

