cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Five Eyes and allies allegedly take down BreachForums as threat groups claim responsibility

Infamous dark web marketplace BreachForums has had its website taken down in a cyber attack on its systems, with a pair of threat actors claiming responsibility for the attack.

user icon Daniel Croft
Thu, 18 Apr 2024
Five Eyes and allies allegedly take down BreachForums as threat groups claim responsibility
expand image

The R00TK1T threat group, in tandem with the CyberArmyofRussia, a pro-Russian threat group, claimed to be behind the notorious hacking forums website takedown.

“We are R00TK1T and the attack group CyberArmyofRussia, are proud to announce our success in bringing down the servers of BreachForums,” said R00TK1T on Telegram.

“The site has currently crashed due to the extent of our attack, which was executed with extreme precision and efficiency.”


Alongside the message, the group posted a proof message from the BreachForum’s admin Baphomet to Telegram admitting that the site was down.

“The domain is currently suspended. We’re working on it. We apologise for any inconvenience,” Baphomet said.

The threat group also promised to publish a list of the forum’s users, including emails and IP addresses.

In response to the claims, Baphomet said the incident was being investigated and that the forum’s dark web TOR page was still operational.

Soon after, BreachForums came back online with a new domain, with Baphomet adding that investigations had revealed that it was not R00TK1T and the CyberArmyofRussia behind the attack, but international law enforcement agencies.

“After thorough investigation, we’ve determined this activity as part of not only the ‘Five Eyes’ network, but various other large nations as well working together to silence our forums,” Baphomet said on Telegram.

“Our domain (.cx) was suspended – which is not really new when it comes to running a forum like ours. We currently have a temporary domain available to all users – breachforums.st.

“As with any time we experience downtime or a domain suspension, groups of morons take credit for it despite doing literally nothing but smashing their little pig fingers on a keyboard the second any issues happen on our forum,” added Baphomet in a likely reference to R00TK1T and the CyberArmyofRussia.

“At this point, nothing has been seized, hacked, or even reasonably attacked. There is a chance that we are going to experience DDoS attacks like every other time we come back after any downtime/suspension so just be patient with us.”

R00TK1T responded to Baphomet once again, promising that the denial of their involvement would result in consequences.

“Attention, Baphomet the owner of Breachforums,” said R00TK1T.

“After you decided to go to war with the wrong opponents and after you deny anything to do with our attacks even though your forum was down for almost a whole day, we are taking a step forward to disrupt and destroy your forums. Expect chaos in the days ahead.

“Together with our friends from Cyber Army of Russia, we are ready to unleash a torrent of chaos that will leave you reeling. So buckle up because this ride is going to be one heck of an adventure!”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.