D-Link Confirms Data Breach, After Employees Suffer Phishing Attack


Taiwan-based networking equipment manufacturer D-Link recently disclosed that it suffered a data breach in which information linked to its network was stolen. The data was then put up for sale on illicit sites, one being BreachForums.

Reportedly, the hackers claim to have stolen the company's source code for D-View network management software. They also claim to have compromised millions of personal data entries belonging to the company's customers and employees, along with those of its CEO.

The compromised data includes the victims' names, addresses, emails, phone numbers, account registration dates, and last sign-in dates.

After samples of 45 stolen records with timestamps between 2012 and 2013 were released, a thread participant noted that the data appeared to be very old.

The attacker stated, "I have breached the internal network of D-Link in Taiwan, I have 3 million lines of customer information, as well as source code to D-View extracted from system[…]This does include the information of MANY government officials in Taiwan, as well as the CEOs and employees of the company."

The stolen data has been available on the illicit forums since October 1st, with the hackers demanding a ransom of $500 for the stolen client data and purported D-View source code.

Data Stolen From a “Test Lab” System

According to D-Link, the security lapse happened as a result of a worker falling for a phishing scam, which gave the attacker access to the company's network.

After realizing what had transpired, the company quickly shut down possibly impacted systems, and all user accounts used for the investigation, except two, were disabled.

D-Link further noted that the hackers also gained access to one of its product registration systems, which was running on an old D-View 6 system that reached its end of life in 2015, in what D-Link described as a "test lab environment."

However, D-Link did not explain why the end-of-life server was still running on the company's network and had been exposed to the Internet for the past seven years.

D-Link confirmed that the compromised system only had about 700 records, with information on accounts that had been open for at least seven years, in contrast to the attacker's assertion that millions of users' data had been stolen. 

"Based on the investigations, however, it only contained approximately 700 outdated and fragmented records that had been inactive for at least seven years," D-Link stated. "These records originated from a product registration system that reached its end of life in 2015. Furthermore, the majority of the data consisted of low-sensitivity and semi-public information."

D-Link believes the threat actor intentionally altered the timestamps of recent logins in order to give the impression that more recent data theft occurred. The majority of the business's current clients aren't anticipated to be affected by this issue, the company added.  

Baphomet Revives BreachForums: Return of the Infamous Cybersecurity Platform

 


In recent days, BreachForums, one of the most well-known hacking forums on the dark web, was reported to be shut down after one of its top administrators was arrested by United States federal authorities, including the Federal Bureau of Investigation (FBI).

BreachForums was a popular cybercrime forum on the dark web. It had grown to become a significant platform for trafficking illicit content.

A wide range of topics were discussed on the site, including breaches of personal information, hacking, phishing, exploiting, and fraud against financial institutions. Many of its users were involved in trading various types of stolen information, including databases, documents, and compromised accounts containing email addresses, passwords, and credit card details. Threat actors and cybercriminals used the forum as a means to communicate with each other.

On March 20, 2023, BreachForums, which had been one of the most popular forums for hacking and data leaks this year, ceased to exist. Conor Brian Fitzpatrick (also known as 'pompompurin') has been arrested for a crime relating to the website, and the site has been closed down. The forum's remaining administrator, Baphomet, claimed that law enforcement had accessed the forum's servers, which caused him to shut it down.

It is believed that the shutdown was prompted by suspicions that law enforcement might have obtained access to the site's configurations, source code, and user information in order to compile a report on the forum.

However, despite BreachForums being shut down and RaidForums being seized, those forums' databases are still easily accessible through top hacking forums such as XSS and Exploit, which are competing with BreachForums in popularity.

In April 2022, after the arrest of Omnipotent, the founder of BreachForums, in the UK, the FBI confiscated and closed the site for violating its terms and conditions.

A sudden turn of events occurred on March 19, 2023, when Baphomet, the current admin of BreachForums, informed the public in an update that the hacking forum had been officially closed since its last post. However, he stressed that "it was not the end."

In addition, a Telegram account with the alias ShinyHunters (@shinycorp) has appeared alongside Baphomet and will be responsible for dealing with former BreachForums users. It has already begun disseminating information and updates related to the forum's operations through its Twitter account, drawing the attention of both potential members and those who are concerned about the forum's development.

The BreachForums community has been filling the void left behind by RaidForums last year in a major way, becoming a lucrative marketplace where stolen databases have been purchased and sold by a variety of organizations and companies. 

There has also been a development regarding the arrest of Conor Brian Fitzpatrick (aka pompompurin), who has been charged with one count of conspiracy to commit fraud against access devices.

Baphomet says neither they nor Pompompurin has access to these domains at present.

The timing of the disinformation campaign was noted as suspicious. Baphomet posited that the campaign was meant to undermine the revived community's credibility.

There is no doubt that the resurrected BreachForums presents a promising opportunity to its loyal users. However, Baphomet said that it would continue to warn against a "continued campaign against the community" and a "disinformation campaign", without providing any details regarding the campaign.

On April 4th, 2023, an online hacking forum was established using a name similar to the one seized by the FBI in April 2022. It is known as RaidForums. There has been no indication that the admins of the new forum are affiliated with the old forum in any way. As well as forums for discussion of hacking and leaks, it has sections dedicated to the marketplace, tutorials, and exchanges. There are currently 1,725 members on the forum since it was launched on April 9, 2023, and it plans to grow in the future.

In the wake of BreachForums' closure, cybercriminals have been faced with the challenge of finding a replacement forum, which has impacted the cybercriminal community. The emergence of forums such as LeakBase and RAID FORUM indicates that there is still a large demand for platforms that trade stolen data and discuss hacking, which suggests that the market for such platforms will continue to grow.

The usage of the top hacking forums such as XSS and Exploit has already seen a sudden increase as a result of these migrations. The fact that such platforms exist on the deep and dark web, as well as the fact that they can be monitored to provide the cybersecurity community with an accurate picture of evolving threats and sources, shows yet again why monitoring the dark web in general and dark web platforms, in particular, is so important.   

An Arrested Administrator Shut Down the Notorious Hacking Forum

 


An FBI officer has arrested a former administrator and owner of an infamous hacker forum that exposed data on companies such as HDB Financial Services, Rail Yatri, Acer, WhatsApp, Truecaller India, Hyundai India, Skoda India, etc. 

According to the FBI, a man suspected of being "Pompompurin", the administrator of the infamous and popular BreachForums website, was arrested last week. As soon as the cybercrime website's new administrator was informed of the arrest, he announced plans to close the forum down permanently.

According to the FBI, a New York man has been arrested on suspicion of being Pompompurin, the owner of the BreachForums hacking forum. Documents filed in court indicate that he is charged with conspiracy to solicit an individual to sell an unauthorized access device. 

The defendant, Conor Brian Fitzpatrick, was allegedly arrested on the charge of fraud and admitted to being Conor Brian Fitzpatrick during his arrest. It was also revealed that Pompompurin was the owner of the BreachForums cybercrime forum.

The suspect, Conor Brian Fitzpatrick, who is known to the public as "Pompompurin" or "Pom", has had a high-profile status online for several years now. He has been a target of authorities for quite some time. Fitzpatrick claimed responsibility for the November 2021 attack on an FBI server under the pseudonym Pompompurin, before he founded the breachforums.com website in 2022.

At the time of Fitzpatrick's alleged exploit in 2021, a million fake cybersecurity emails were sent from the FBI's eims@is.fbi.gov address, based on false information provided by Fitzpatrick. The emails, with subject lines such as “threat actor in systems”, described “a sophisticated chain attack” and claimed that intelligence monitoring had reported the exfiltration of several of the recipient's virtualized clusters.

An operation by U.S. and European law enforcement agencies in April 2022 led to the takedown of RaidForums, one of the most popular internet forums for hackers at the time. Fitzpatrick, who had been a regular member of RaidForums, is known to have created what became its most popular successor site after it was taken down.

Countless hacking stories have been linked to BreachForums since its creation because it quickly developed into one of the most popular sites for selling stolen data, especially among independent hackers and other groups that are not associated with ransomware gangs.

In the cybercriminal underground, Pompompurin has gained a reputation as a very well-known player involved in a wide range of activities, including hacking companies and selling or leaking stolen data through forums and social media networks.

He was also active on the well-known RaidForums cybercrime forum.

Pompompurin founded an independent forum called 'BreachForums' to fill the void left by RaidForums' seizure by the FBI in 2022.

In recent years, it has been one of the largest forums of its kind, used by malicious users of ransomware and hackers to leak stolen information to the public. 

Earlier this week, a threat actor attempted to use BreachForums to sell the personally identifiable information of U.S. politicians that had been exposed in a breach in Washington.

The Washington Health Link is a healthcare provider for U.S. congressmen and women. Members of the House, their staff, and their families are affected by the breach.

Pompompurin has also been involved in various breaches of high-profile companies over the years, as BreachForums has become a force in cybercrime.

Several breaches have been reported, including sending bogus cyberattack emails through a vulnerability in the FBI's Law Enforcement Enterprise Portal (LEEP), stealing customer data from Robinhood, and allegedly confirming the email addresses of 5.4 million Twitter users using a bug.

BreachForums Mastermind Pompompurin Arrested in New York

 


Earlier this week, U.S. law enforcement officials arrested a New York man as part of their efforts to crack down on the infamous hacking forum BreachForums, which was run by an individual who used the alias “Pompompurin.”

According to Bloomberg Law, this followed reports from News 12 Westchester that federal investigators “had spent hours inside and outside a home in Peekskill” earlier this week.

Several bags of evidence were removed by investigators from the house at one point, according to a local news service based in New York. 

The suspect has been identified as Conor Brian Fitzpatrick as per an affidavit filed by the Federal Bureau of Investigation (FBI). He also admitted to owning the BreachForums website according to the affidavit. 

A special agent of the FBI, John Longmire, stated that the defendant's statements to him on March 15, 2023, showed that: 

a) he was Conor Brian Fitzpatrick; 
b) he referred to himself as 'pompompurin,' and 
c) he owned and administered a website called 'BreachForums.'

Fitzpatrick has been charged with conspiracy to solicit individuals to sell unauthorized access devices. It was announced that the defendant would be released from jail a day later after his parents signed a bond for $300,000. He is scheduled to appear before the District Court for the Eastern District of Virginia at a hearing on March 24, 2023.

Fitzpatrick is prohibited from obtaining a passport or other international travel documents, from contacting any of his co-conspirators, and from using narcotics or other controlled substances unless he has a prescription from a licensed medical practitioner, among other restrictions.

BreachForums emerged last year after a coordinated law enforcement operation in March 2022 seized control of RaidForums. Security firm Flashpoint said at the time that pompompurin stated in the threat actor's welcoming thread that BreachForums was not affiliated with RaidForums in any way.

The forum has gained notoriety since it was founded because it has hosted stolen databases belonging to several companies, which often include sensitive personal information.

After Fitzpatrick's arrest, a forum user named Baphomet said they owned the website and that Fitzpatrick had been the owner. In their report, they noted that no evidence was found that the breached infrastructure had been accessed or modified by anyone.

In the latest development, the Cyber Police of Ukraine announced the arrest of a 25-year-old developer who had created what they believe was an "app" for gaming, which infected over 10,000 computers with a remote access Trojan.