The FBI has seized control of domains linked to the BreachForums hacking forum, used by cybercriminals to buy, sell, and trade hacked or stolen data.
It's been used by hacking groups including Baphomet, IntelBroker, and ShinyHunters – the groups now forming Scattered Lapsus$ Hunters, which earlier this month took control of the domain.
These actors are behind recent Salesforce attacks against companies including Google, Palo Alto Networks, Zscaler, and Cloudflare, as well as Disney, Qantas, Air France-KLM, and Toyota, and have been using the site to leak data and carry out extortion attempts.
"This takedown removes access to a key hub used by these actors to monetize intrusions, recruit collaborators, and target victims across multiple sectors," said the FBI.
"It demonstrates the reach of coordinated international law enforcement operations to impose costs on those behind cyber crime."
This isn't the first time the FBI has taken action. It first took the site down in March 2023 following the arrest of its founder, Conor Brian Fitzpatrick. Last year, in a joint operation with Europol, it repeated the action – although within days the site was resurrected and others emerged.
These takedowns are having a cumulative effect, according to Cory Michal, chief security officer at AppOmni.
"Each seizure chips away at its credibility, and repeated takedowns always raise the lingering question within the underground community about whether the site, or its successors, are secretly being run or monitored by authorities. That kind of uncertainty is often as damaging to these forums as the actual takedown itself," he said.
“Each takedown makes these communities more fragile and less trusted, and the logistics of keeping a large, centralized platform online under constant law enforcement scrutiny have become unsustainable."
BreachForums takedown marks end of an era
Interestingly, this appears to be a concern held by the attackers themselves, who have commented that 'the era of forums is over'.
Michal warned that the attackers are likely to continue operating their data leak sites, but with Telegram as their main communications hub.
"Those channels are easy to recreate if taken down, and private messages are end-to-end encrypted, giving them a persistent base of operations. In the near term, they’ll enter a monetization phase, extorting affected companies and attempting to convert stolen data into cryptocurrency," he said.
“Once that cycle runs its course, they’re likely to reinvest both time and funds into new campaigns, focusing on high-value SaaS platforms and enterprise tenants where access can be monetized again through resale, ransomware, or additional data theft. This progression follows a familiar pattern among more organized cyber-extortion groups."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
What is a tensor processing unit (TPU)?Explainer Google's in-house AI chips are the most notable alternative to Nvidia at the enterprise scale
-
Cyber Security and Resilience Bill: Security experts question practicality, scope of new legislationNews The new legislation aims to shore up critical infrastructure defenses, but questions remain over compliance and scope
-
Laid off Intel engineer accused of stealing 18,000 files on the way outNews Intel wants the files back, so it's filed a lawsuit claiming $250,000 in damages
-
GitHub is awash with leaked AI company secrets – API keys, tokens, and credentials were all found out in the openNews Wiz research suggests AI leaders need to clean up their act when it comes to secrets leaking
-
When cyber professionals go rogue: A former ‘ransomware negotiator’ has been charged amid claims they attacked and extorted businessesNews The attackers are alleged to have demanded ransoms of up to $10 million
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a yearNews The hackers remained undetected in the Ribbon Communications’ systems for months
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
-
Cyber researchers have already identified several big security vulnerabilities on OpenAI’s Atlas browserNews Security researchers have uncovered a Cross-Site Request Forgery (CSRF) attack and a prompt injection technique
