BreachForums Is Back Online, Led by ShinyHunters

BreachForums Back Online, Revived by ShinyHunters
It is quite an uncommon occasion when black hat hackers takeover the ceased Darknet forum

BreachForums, an infamous Darknet forum that was shut down in late March 2023, is back online since approx. June 13 2023. After 3 months offline, it is revived by a hacker group called ShinyHunters. But will Breached be as successful as they used to be?

What is BreachForums?

Breached Forums used to be a massive Darknet forum that was acting not only as a communication platform but also as a black market. Hackers from all over the world were selling databases of leaked credentials, banking cards, data stolen from corporations and so forth. Its popularity peaked in early summer 2022, after the FBI closed another Darknet forum – RaidForums – and detained its administrator.

Though, the same but different fate was against BreachForums. One day, Conor Brian Fitzpatrick a.k.a. Pompompurin made a mistake that cost him his freedom – logged into his account without using VPN. That immediately revealed his IP address, and just in a couple of days, pleasant men in uniform were at his doorstep. Despite the servers not being accessed by the law enforcement directly, the other admin of BreachForums decided to shut off the forum, as there was a risk that law enforcement would find him as well.

Baphomet Finalstatement
The second admin’s statement regarding BreachForums shutdown

But, as it turns out, there could be life after death. In late May 2023, several places posted information regarding the Breach revival by ShinyHunters. This infamous gang states they will take over the Breached Forums and run it despite the hazards from the enforcement agencies. And now it is confirmed – BreachForums is back online.

BreachForums Are Revived by ShinyHunters

Probably, the most obvious sign of recognition for the cybercrime gang is the article on Wikipedia. Black hat hackers from ShinyHunters are known for hacking into Microsoft, Bonobos, NitroPDF and many others – enough to get an ill fame. Being active since 2020, they quickly gained a considerable number of victims, especially for peaky guys that are not attacking everyone they see. Despite the detainment of one of their crew members in Morocco, the gang keeps going and, what’s more important, expanding their activities.

BreachForums Back Online
First message on the recovered BreachForums site

The “takeover” of BreachForums is probably the new vector of cybercrime gang development – in all senses. It is probably the first time when a full-fledged cybercrime gang will have an entire forum under their control. Such a behaviour is also a definite sign of hackers having no fairness before law enforcement. This forum was – and still is – a subject of FBI investigation, thus claiming its possession is dangerous to say the least. Possibly, Baphometh, the second admin of Breached, joined or sold all the assets related to this forum to the gang.

Conflict with other forums

Obviously, after the Breached shutdown in late March, its numerous alternatives popped out. Though fellow hackers did not haste using them, because of fears these platforms may be controlled by the FBI or other law enforcement. To bait people, these forums were claiming “cooperation with Breached”, which forced Baphometh to publicly reject any relations. Though some black markets, like Exposed Forum, went further, putting to use incriminating banners like the one they currently have.

Exposed forums rant
Banner by the ex-ExposedForum URL that incriminates BreachForums admins of bad OPSEC

Possibly, such a decision and reaction from Exposed admin(s) is dictated by the Breached resurgence. Having to compete with such a large and widely-known brand is pretty tough, thus selling off is an obvious decision. But for me, it looks like shutting down the honeypot which will not be able to attract enough crooks after the rebirth of Breached. This guess is complemented with what appears to be the IP address and hosting name of the Breached back-end server. It is known that the FBI accessed (part of) the network infrastructure of BreachedForums – that’s why, exactly, it was disabled. And I doubt feds are generous enough to allow some hackers to mess around this information.

What then?

It will be pretty interesting to see the fate of such an ambitious step. As I said, after the Breached Forums shutdown, a lot of its alternatives appeared. Some even provided themselves with “promotion” – like Exposed forum, that posted the leaked database of RaidForums. Two months of shutdown never was a pleasant thing for popularity – thus the only thing we can do is simply spectate.

For now, I can warn you about using all such forums. Being a cybercriminal’s nest, any Darknet forum accumulates tons of illegal stuff. Touching it, even if it is a database leaked a couple of years ago, may be the reason for law enforcement to pay a visit to your settlement. Moreover, such places commonly swirl with pitfalls where you can be tricked to install malware. And it is good to remember that all such places are thoroughly controlled by the FBI and other enforcement agencies. Everything you say can and will be used against you!

By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.

Leave a comment

Your email address will not be published. Required fields are marked *