The FBI has seized control of domains linked to the BreachForums hacking forum, used by cybercriminals to buy, sell, and trade hacked or stolen data.
It's been used by hacking groups including Baphomet, IntelBroker, and ShinyHunters – the groups now forming Scattered Lapsus$ Hunters, which earlier this month took control of the domain.
These actors are behind recent Salesforce attacks against companies including Google, Palo Alto Networks, Zscaler, and Cloudflare, as well as Disney, Qantas, Air France-KLM, and Toyota, and have been using the site to leak data and carry out extortion attempts.
"This takedown removes access to a key hub used by these actors to monetize intrusions, recruit collaborators, and target victims across multiple sectors," said the FBI.
"It demonstrates the reach of coordinated international law enforcement operations to impose costs on those behind cyber crime."
This isn't the first time the FBI has taken action. It first took the site down in March 2023 following the arrest of its founder, Conor Brian Fitzpatrick. Last year, in a joint operation with Europol, it repeated the action – although within days the site was resurrected and others emerged.
These takedowns are having a cumulative effect, according to Cory Michal, chief security officer at AppOmni.
"Each seizure chips away at its credibility, and repeated takedowns always raise the lingering question within the underground community about whether the site, or its successors, are secretly being run or monitored by authorities. That kind of uncertainty is often as damaging to these forums as the actual takedown itself," he said.
“Each takedown makes these communities more fragile and less trusted, and the logistics of keeping a large, centralized platform online under constant law enforcement scrutiny have become unsustainable."
BreachForums takedown marks end of an era
Interestingly, this appears to be a concern held by the attackers themselves, who have commented that 'the era of forums is over'.
Michal warned that the attackers are likely to continue operating their data leak sites, but with Telegram as their main communications hub.
"Those channels are easy to recreate if taken down, and private messages are end-to-end encrypted, giving them a persistent base of operations. In the near term, they’ll enter a monetization phase, extorting affected companies and attempting to convert stolen data into cryptocurrency," he said.
“Once that cycle runs its course, they’re likely to reinvest both time and funds into new campaigns, focusing on high-value SaaS platforms and enterprise tenants where access can be monetized again through resale, ransomware, or additional data theft. This progression follows a familiar pattern among more organized cyber-extortion groups."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
The tech industry is becoming swamped with agentic AI solutions – analysts say that's a serious cause for concernNews “Undifferentiated” AI companies will be the big losers in the wake of a looming market correction
-
Microsoft says 71% of workers have used unapproved AI tools at work – and it’s a trend that enterprises need to crack down onNews Shadow AI is by no means a new trend, but it’s creating significant risks for enterprises
-
A malicious MCP server is silently stealing user emailsNews Koi Security says it's discovered the first malicious MCP server in the wild, exposing a risk to the entire ecosystem
-
NCA confirms arrest after airport cyber disruptionNews Disruption is easing across Europe following the ransomware incident
-
Cyber skills shortages are pushing firms into dangerous shortcuts – and it’s putting them at huge risk of security breachesNews Chronic cyber skills shortages mean many businesses are implementing quick fixes
-
Pentesters are now a CISOs best friend as critical vulnerabilities skyrocketNews Attack surfaces are expanding rapidly, but pentesters are here to save the day
-
Hackers are disguising malware as ChatGPT, Microsoft Office, and Google Drive to dupe workersNews Beware of downloading applications like ChatGPT, Microsoft Office applications, and Google Drive through search engines
-
Generative AI attacks are accelerating at an alarming rateNews Two new reports from Gartner highlight the new AI-related pressures companies face, and the tools they are using to counter them
-
A terrifying Microsoft flaw could’ve allowed hackers to compromise ‘every Entra ID tenant in the world’News The Entra ID vulnerability could have allowed full access to virtually all Azure customer accounts
-
‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attackNews Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
