SOCRadar® Cyber Intelligence Inc. | Dark Peep #14: The Good, The Bad, and The Glitchy
May 21, 2024

Dark Peep #14: The Good, The Bad, and The Glitchy

Welcome back to Dark Peep, your ultimate guide to the latest digital dramas and cyber escapades in the dark web’s wild frontier. In this electrifying fourteenth edition, we delve into a world where cyber outlaws clash with digital sheriffs in high-stakes showdowns.

Imagine a moonless night in the shadowy corners of the internet. The digital winds howl as hackers and vigilantes prepare for their next move. This issue promises thrilling tales of high-tech heists, dramatic takedowns, and relentless pursuits of justice.

From the FBI’s raid on BreachForums to ShinyHunters’ new Telegram chaos, and the dramatic events surrounding Doxbin, we bring you the most riveting stories from the cyber underworld. We’ll also uncover Deanon Club’s explosive claims, GhostSec’s surprising shift, and the fiery clash between USDoD and ShinyHunters.

The visual representation of BreachForums' mascot. Some threat actors claim that BreachForums' admin, Baphomet, was captured three months ago and that BreachForums was taken over by the FBI around the same time. Generated by OpenAI’s DALL-E.

So, grab your popcorn and secure your Wi-Fi, because Dark Peep #14 is here to show you that the cyber frontier is wilder and more unpredictable than ever. Welcome to the show!

FBI Crashes the Party: Familiar Banner Greets Visitors at BreachForums

Topping our blog’s list of the Top 10 Dark Web Forums, BreachForums v2, a successor to the once-popular hacker forums RaidForums and Pompompurin’s BreachForums v1, met a similar fate. On May 15, the FBI seized control of BreachForums v2 and The Jacuzzi Telegram channel, managed by BreachForums v2 administrators. This platform was a prominent hub on the dark web, particularly known for leaking and distributing databases.

Banner displayed by the FBI at the entrance of the Breach forum

BreachForums v2 was resurrected by Baphomet, a former admin of Pompompurin’s BreachForums, and ShinyHunters, a group notorious since the RaidForums days for major data breaches (such as Wattpad and AT&T).

Initially suspected to be an FBI honeypot, BreachForums gradually captured the attention of various threat actors and succeeded in reuniting its former members. Notably, it became a platform for well-known threat actors like IntelBroker and USDoD to share databases.

IntelBroker has recently become known for alleged breaches involving HSBC, Barclays, Zscaler, and Europol.

USDoD gained notoriety with claims of breaches involving UK government data, Infragard, and LinkedIn.

Following the FBI takeover, a banner was displayed on the site, implying the arrest of the forum’s lead administrator, Baphomet. ShinyHunters and IntelBroker confirmed Baphomet’s arrest on their Telegram channels.

As we mentioned in Dark Peep #12, the threat actor USDoD had previously warned of unusual activities on BreachForums and predicted that it would share the same fate as Pompompurin’s BreachForums.

So, what’s next?

What Happened to $8K?

Threat actor’s message

One of the main reasons BreachForums was the go-to spot for threat actors was its escrow system. But after law enforcement swooped in, BreachForums tried to keep the chaos going through ShinyHunters’ new Telegram channels. Now, it looks like some of the cyber baddies are finding their wallets mysteriously lighter. Yup, some cash seems to have vanished into thin air—or maybe into a threat actor’s vacation fund. This whole mess gives us a peek into the wild and wacky economy of the dark web.

The Doxbin Heist—or Just Another Exit Scam?

The panel that shows a Monero Wallet

On May 15th, social media was ablaze with a wild video claiming to show the abduction of a person alleged to be the operator of Doxbin, the notorious platform for doxxing. The video didn’t stop there; it also flaunted access to Doxbin’s admin panel and showcased a Monero wallet containing a whopping $423,568 worth of Monero.

Speculations quickly followed, with many suspecting this dramatic display was nothing more than a cleverly staged exit scam.

A message from a threat group that wants to replace Doxbin

Of course, in the chaotic world of the dark web, any vacuum is swiftly filled. Threat actors eagerly jumped into the fray, announcing their grand plans and vying to be the next Doxbin. Buckle up, because the race to replace Doxbin is officially on!

Did Deanon Club Just Spill the Beans on Doxbin?

Deanon Club’s announcement

Just when you thought the Doxbin drama couldn’t get any crazier, in swoops Deanon Club, the latest contender in our cyber soap opera. They claim the Doxbin operator is a member of Scattered Spider and sitting on a tidy sum of $80 million.

But wait, there’s more! Deanon Club says they’ve got the operator’s location, face, full name, projects, wallets, and even postal info. And like any good entrepreneur, they’re ready to sell all this juicy intel for $1,000,000.

Hacktivists or Capitalists?

Announcement of GhostSec

GhostSec, a notorious member of The Five Families, recently announced a dramatic shift in their mission. They declared they would no longer be a financially motivated group and would focus solely on hacktivist activities. Déjà vu, anyone?

The threat group claimed they’ve collected enough ransom money and will now be offering paid courses. Are they turning over a new leaf or just expanding their business model? It seems like they might be a bit confused about their true identity. Hacktivists by day, online instructors by night.

USDoD vs. ShinyHunters

Telegram messages from USDoD and ShinyHunters

Following the announcement that the threat actor USDoD plans to launch a new hacker forum, things have gotten heated in the ShinyHunters’ Telegram channel. What started as a simple announcement quickly escalated into a full-blown clash between ShinyHunters and USDoD.

GlorySec Targets Indonesian Hackers and Partners with Indian Threat Actors

GlorySec’s announcement

The threat group, GlorySec, has announced they will expose any Indonesian threat actor attempting to infiltrate Western cyberspace, vowing to publicly reveal their identities. They’re also open to engaging with these hackers, leaving room for either conflict or cooperation.

In a surprising twist, GlorySec plans to collaborate with Indian hacktivists, hinting at coordinated cyber activities with geopolitical implications. Additionally, they’ve pledged support for the Georgian people, seeking suggestions via Twitter for their future actions.

R00TK1T’s Cyber Circus: Now You See Them, Now You Don’t

Announcement of R00TK1T

R00TK1T is back on their nonsense, folks! First, they made a dramatic exit, deleting all their Telegram messages and swearing off the hacking scene. But, surprise! No one had time to miss them because they came back, guns blazing, targeting various countries and throwing a tantrum at Anonymous Egypt for supposedly stealing their content. They were so mad, they specifically targeted Egypt in their posts.

Then, in classic R00TK1T fashion, they did a complete 180—deleted everything again and announced they’re turning into white hat hackers. And, of course, they couldn’t resist their trademark long-winded messages.

Conclusion

As we wrap up this Dark Peep #14, it’s clear that the dark web remains as unpredictable as ever. The landscape constantly shifts, bringing new threats, alliances, and strategies. In this volatile digital realm, staying informed is crucial.

Leverage SOCRadar XTI’s Cyber Threat Intelligence module for the latest dark web news and insights. Stay vigilant, stay informed, and join us as we navigate the ever-changing cyber underworld.

SOCRadar Dark Web News
