Infamous BreachForums down, black hats claiming responsibility


The reincarnated cybercrime marketplace BreachForums, which had its former administrator busted by the feds last year, has now suffered an attack from its rivals, bringing the website down.

Threat actor group R00TK1T, notorious for multiple cyberattacks in Malaysia, together with the pro-Russian gang Cyber Army of Russia, claim to have breached the site.

“We are R00TK1T and the attack group CyberArmyofRussia, are proud to announce our success in bringing down the servers of BreachForums. The site has currently crashed due to the extent of our attack, which was executed with extreme precision and efficiency,” the black hats boasted on Telegram.

They also promise “more surprises for both the hacker community as well as for users around the world who used the forums regularly” on their next move.

“Soon we will publish the list of their users with IP, emails, etc.” R00TK1T said in a separate post.

The illicit marketplace is offline and inaccessible from any country.

The current BreachForums administrator, Baphomet, responded on Telegram with confirmation.

“The domain is currently suspended. We're working on it. We apologize for any inconvenience. We will update you when we know more.”

The Cybernews Research Team observed that the forum can still be accessed through a TOR mirror.

“If it's only a domain suspension, user data should be safe. However, as Baphomet states, they are currently investigating the scope of the issue, so the safety of user data may still be at risk if domain suspension is only a smaller part of the issue,” researchers said.

BreachForums suffered multiple blows recently from both authorities and rivals. In March 2023, federal agents arrested Conor Brian Fitzpatrick, known as Pompompurin, a suspected former curator of the forum. Then, the forum went offline but was later revived by the current admin, Baphomet. The hacker repository vx-underground announced that a notorious hacker gang, ShinyHunters, took over the site on June 2nd, 2023. Then, the new BreachForums site got hacked, and its user database was stolen and published.

Update: BreachForums restored, moved to new domain

The BreachForums site later came back online on a new domain. The administrator Baphomet blamed “not only the ‘five eyes’ network, but various other large nations” “working together” for the attack. Shots were also fired at the gangs claiming the breach.

“Anytime we experience downtime or a domain suspension, groups of morons take credit for it despite doing literally nothing but smashing their little pig fingers on a keyboard the second any issues happen on our forum,” Baphomet’s post reads.

The administrator of the forum also said that they’re working on additional protections.

“At this point, nothing has been seized, hacked, or even reasonably attacked. There is a chance that we are going to experience DDoS attacks like every other time we come back after any downtime/suspension, so just be patient with us,” Baphomet said.

R00TK1T reacted with threats to “disrupt and destroy” the forums.

“After you decided to go to war with the wrong opponents and after you denied anything to do with our attacks even though your forum was down for almost a whole day, we are taking a step forward,” they said on Telegram and promised “one heck of an adventure.”

Updated on April 16th [03:00 p.m. GMT] with new statements.
