The notorious BreachForums online hacker marketplace appears to have been seized yet again. This time, it has been claimed by fellow hacktivst gang the Dark Storm Team – the same group believed responsible for last month’s massive outage of Elon Musk’s X.
It all coincides with rumors swirling on social media Tuesday about the arrest of “IntelBroker,” one of BreachForums’ major players.
The pro-Palestinian hacktivist group posted about the Breached takeover on its Dark Storm Team telegram channel early Tuesday morning (ET), claiming to have carried out the distributed denial-of-service (DDoS) attack “for fun.”
To back up its claims, the group provided a link to a Check-Host.net showing the site was still down in over two dozen countries by late afternoon. Cybernews can also confirm the BreachForums website was not loading and returning a “server not found.”
Before it was noted that the Dark Storm Team had claimed the Breached attack, X was ablaze with speculation of another FBI takedown. Threat intelligence firm ThreatMon posted about the unverified FBI seizure claims on X.
“There is no sign of the classic FBI "seized" page, and the domain’s technical records don’t show typical indicators of an official takedown. Only a single nameserver remains in place, hinting that the site may have simply been taken offline rather than formally seized,” ThreatMon wrote.
🚨🚨 BreachForums Allegedly Seized Again – IntelBroker Reportedly Arrested 🚨🚨
undefined ThreatMon (@MonThreat) April 15, 2025
Unverified claims circulating in Telegram channels suggest that the notorious data leak platform BreachForums may have been taken down once again. A message posted in one of the groups alleges that… pic.twitter.com/QCBD83OXxx
ThreatMon further noted that BreachForums had purportedly “resumed operation… through a new domain without wasting any time.”
As for rumors about the IntelBroker arrest, ThreatMon said it was first mentioned on one of the Telegram channels, but so far, there hasn’t been any proof or corroboration by US law enforcement.
Known for multiple high-profile breaches and data leaks, in 2024 IntelBroker claimed attacks on Tesla, Apple, AMD, and before that, HomeDepot, General Electric, PandaBuy, the US Citizenship and Immigration Services (USCIS), and Facebook Marketplace.
Meanwhile, the Dark Storm Team, which advertises its DDoS services for hire, had spent most of Tuesday pummeling the critical infrastructure websites of Finland’s Central Bank and Hungary’s Defense Ministry, among many others.
There has been no mention by the Dark Storm Team of how long it intends to hold the Breachforums site hostage, but its last major DDoS attack on X was carried out through the course of a full day.
In another BreachForums twist Tuesday afternoon, FalconFeeds.io, an alternative threat intel platform, posted on X that a Telegram group pushing the FBI takedown narrative, “is now promoting a new “breachedforum” domain.”
Trying to make a quick buck, the cybercriminals were advertising access to the "new" hacker marketplace in exchange for $250 worth of crypto. “But now turning to be a scam. They’re asking for $250 in XMR for access,” FlaconFeeds.io posted.
Rumours are swirling about Breach Forum being seized and “intel broker” getting arrested. Interestingly, a Telegram group that pushed this narrative is now promoting a new “breachedforum” domain — but now turning to be a scam
undefined FalconFeeds.io (@FalconFeedsio) April 15, 2025
They’re asking for $250 in XMR for access. https://t.co/dqSsxZIxBg pic.twitter.com/Bn9gLemCBp
BreachForums has had its ups and downs since the March 2023 arrest of its former founder and top administrator, Pompompurin, aka 20-year-old Conor Brian Fitzpatrick from New York.
The site, first seized by the FBI during the arrest, was then resurrected that June by its second in command, Blaphomet, only to be taken down by the FBI again in May 2024.
Since then, a third iteration of Breached was claimed by both Shiny Hunters and another one of the forum's notorious users, USDoD. In January, fellow hacker forums Cracked and Nulled were also seized by the FBI, with Cracked resurrected just last week.
Dark Storm strikes again
This latest BreachForums attack is just another notch in the belt for the hacker group. On March 12th, the Dark Storm digital army jumped on the anti-Trump and anti-Musk/DOGE bandwagon, taking down the X platform to "peacefully protest" the duo’s “blatant fascism and lack of humanity.”
The DDoS attacks on the Elon Musk-owned social messaging site, which flood a target’s servers with thousands of traffic requests (often using automated bots), came after a weekend of live protests at Tesla dealerships across the US.
Said to be a pro-Palestinian hacktivst group primarily focused on taking down Israeli infrastructure, the group has been boasting of its work on Telegram since 2023.
According to a cyber risk intelligence report by SecurityScorecard from 2023, the Persian-speaking group has not only targeted the Israeli government, local municipalities, and sensitive industries, but is also known for claiming DDoS attacks on John F. Kennedy Airport in New York and Los Angeles Airport (LAX), as well as Snapchat.
Dark Storm appears to follow a hacktivist playbook similar to the Killnet gang, which spent most of 2023 carrying out DDoS attacks against victims who supported Ukraine until it decided to commercialize its operations in favor of a DDoS hackers-for-hire model.
SecurityScorecard researchers say Dark Storm shows “commercial motivations in addition to political ones,” and like Killnet, has begun advertising itself as a “cybercrime-as-a-service,” complete with a menu of hacking services.
“For much of its history, it [Dark Storm] has targeted NATO member states and others that have declared their support for Ukraine,” suggesting Russian geopolitical interests, the researchers said.
Still its unclear if the Dark Storm Team is made up of nuanced cybercriminals or “script kiddies” playing games to make a name for itself.
Soon after the X attacks, a sole French security researcher claimed to have uncovered the identity of the Dark Storm hacker behind the entire operation – a 20-something engineering student from Egypt.
The researcher, Baptiste Robert, CEO at Predicta Labs, laid out his strictly Open Source Intelligence (OSINT) findings on X to praise from multiple security insiders.
Your email address will not be published. Required fields are markedmarked