FBI seizes clear web domain linked to Scattered Lapsus$ Hunters

BreachForums has been taken down once again, but hackers defy law enforcement as their dark web site remains.


US authorities, backed by France’s Central Brigade of Cybercrime and the Paris Public Prosecutor’s Office, have seized clear-web infrastructure linked to the Scattered Lapsus$ Hunters hacking group.

The latest iteration of the long-running BreachForums site had been linked to the group after it posted what appeared to be a farewell message to the URL, which had once been a popular hacking forum.

Earlier this month, however, the site transitioned to a leak site dedicated to extorting Salesforce and dozens of companies compromised by a widespread social engineering campaign, suggesting the farewell message may have been a ruse, or representative of just one portion of the hacking collective.

 
 

However, while the clear web domain has been seized, complete with an animated seizure notice, the group’s dark web leak site remains in operation. Scattered Lapsus$ Hunters has said it will publish around 1 billion records compromised in its Salesforce campaign, unless the company pays a ransom demand.

Salesforce has said it will do no such thing, which means data allegedly belonging to companies such as Qantas, Disney, McDonald’s, UPS, and many more could be published imminently.

Scattered Lapsus$ Hunters responded to the takedown on its Telegram channel, saying overnight: “Seizing a domain does not really affect our operations FBI… try harder ;).”

Soon after posting that, however, the channel was locked down after one member appeared to be missing online.

“Hello, this channel is now locked down till we get this mess in control,” the last post said, as some members of the channel openly commented that the FBI may already be in the chat.

A pinned message in the channel still indicates that the Salesforce data will soon be published.

“We’ve now made it so on exactly 11:59 PM New York time tomorrow, the data of companies who have not paid will be leaked,” the post said.

UPDATE: 12.56pm, 10 October

Scattered Lapsus$ Hunters shared a PGP-signed message from an individual claiming to be or to represent ShinyHunters soon after the takedown, stating that BreachForums was now officially dead.

“BreachForums was seized by the FBI and international partners today. This was inevitable and I am not surprised. Neither I nor others involved with this group have been arrested. All our BreachForums domains were taken from us by the US Government a few days ago. The era of forums is over,” ShinyHunters said.

“There is not much to say about this seizure but one thing to note is, the recent action the US Government has taken against us has no impact on our Salesforce campaigns. The fact that our DLS was also hosted on the BreachForums clearnet domain and because we planned to re-open the forum to leak the data of companies who have not complied with us when the deadline arrived onto the re-opened BreachForums was likely the cause of today's seizure.”

The 11:59 PM New York time deadline equates to 3pm today, Friday, 10 October. Watch this space.

UPDATE: 5pm, 10 October

The hackers appear to have changed the publication time. As of writing, that will be 3pm, 11 October.

We also now have some more commentary on the matter, from Sophos’ Field CTO, Aaron Bugal.

“While it appears law enforcement has temporarily disrupted their plans — taking down what’s believed to be the latest iteration of the BreachForums leak site – this is just one small win in a long game,” Bugal told Cyber Daily.

“These cyber criminals talk a big game. They posture, threaten, and demand ransoms. But their bravado doesn’t change the fact that global law enforcement, across agencies with three and four-letter acronyms, is watching – and closing in.

“Groups like this live fast, but they’re now running out of places to hide. Their relentless disregard for the law and victimising of organisations has brought well-deserved heat. The mission now is clear: sustained disruption, and ultimately, the arrest of those pulling the strings.

“This isn’t over. But for now, their countdown clock just hit a glitch.”

David Hollingworth


David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
