SOCRadar® Cyber Intelligence Inc. | Dark Peep #15: The Perfect Heist Partner


Jul 05, 2024


Welcome back to Dark Peep, your backstage pass to the wildest cyber drama on the dark web. In this blockbuster fifteenth edition, the FBI’s raid on BreachForums sends hackers fleeing, while ShinyHunters pull a magical disappearing act, sparking a frenzied hunt.

The USDoD threat actor, gold checkmark in hand, aims to expose BreachForums’ secrets and claim the cyber crown. Meanwhile, LockBit ransomware’s identity is being exploited by copycats, turning the dark web into a chaotic masquerade ball.

The visual representation of insider threat. Generated by OpenAI’s DALL-E.


Adding to the excitement, we uncover a heist story that rivals Hollywood’s best: an insurance company employee seeking a hacker partner for an inside job. It’s Ocean’s Eleven meets Mr. Robot, with a dash of office comedy.

So, grab your popcorn, secure your Wi-Fi, and settle in for another action-packed episode of Dark Peep, where the digital underworld’s tales are wilder than any fiction. Welcome to Dark Peep #15!

The Threat Actor That Just Won’t Die

Remember the chaos on May 15th? The FBI swooped in and seized BreachForums, leaving the hacker community scrambling like ants at a picnic. The infamous ShinyHunters briefly resurrected the forum, reopening The Jacuzzi channel on Telegram to keep the gang together. It was like a digital zombie apocalypse.

BreachForums' Clearnet and Tor domains are down (DailyDarkWeb).


Then, on June 10th, poof! ShinyHunters and BreachForums vanished again. Cue the dark web’s version of a scavenger hunt as everyone tried to fill the void. But, just like a bad sitcom, they reappeared two days later, frazzled but not defeated.

ShinyHunters’ statement (DailyDarkWeb)


ShinyHunters blamed their disappearing act on everything from their SMTP host being blacklisted by Spamhaus to NGINX hiccups and Telegram bans. They decided to ditch Telegram and admitted they were losing steam, but promised the forum would stay live.

ShinyHunters is no longer an administrator on the forum. The forum is run by a threat actor named Anastasia.

The Threat Actor That Just Wants a Crown

USDoD threat actor's post. (X)


Before we dive into the juicy details, let’s address the real question: how did the USDoD threat actor snag a gold checkmark? Anyway, our gold-checked friend is on a mission to expose the flaws of BreachForums, all while dreaming of hunting a shiny crown. Guess someone’s got royal ambitions in the dark web kingdom!

LockBit Ransomware Love Fest

VX-Underground’s post


According to a message shared by VX-Underground on Telegram, it looks like LockBit has become the dark web’s newest BFF. Apparently, 200,000 people (or bots?) are lining up to be friends with the notorious ransomware gang.

Copycat Chaos on Telegram

Killsec’s statement


The KillSec threat group revealed that their breach posts were stolen by a group impersonating LockBit. It seems like even cyber villains can’t escape the woes of identity theft. Move over, LockBit—there’s a new wannabe in town, and KillSec isn’t too happy about it!

The Perfect Heist Partner

In the wild world of hacker forums, the SOCRadar Dark Web Team stumbled upon a gem: an insurance company employee plotting an inside job. It’s like something straight out of a heist movie, but with more coffee breaks and fewer car chases.

A recruitment post seeking individuals specialized in hacking


Meet our daring protagonist—a disgruntled employee with limited hacking skills and big dreams. He’s on the lookout for a hacker buddy to help him breach the company’s defenses. His pitch? “I’ve got physical access to all departments and a shiny laptop ready to go. Let’s hack this place and split the loot!” Move over Ocean’s Eleven, there’s a new crew in town.

This whole escapade is a hilarious reminder that sometimes the biggest threats come from inside the building. Forget about sophisticated cyber attacks; the real danger is Ted from accounting teaming up with a keyboard warrior. Companies, take note: maybe it’s time to rethink those “Employee of the Month” awards.

As the office heist plot unfolds, we can’t help but chuckle at the absurdity. Remember, folks, in the world of cybersecurity, expect the unexpected—and maybe double-check your office buddy’s LinkedIn endorsements for “Hacking 101.”

CEO’s Message Goes Public

Threat actor’s statement


A threat actor claimed to have hacked a company, citing a message from its CEO and publishing allegedly stolen data.

How SOCRadar Guides Organizations Through Cyber Turbulence

Dark Peep #15 has illuminated the tumultuous landscape of the dark web with its riveting tales of cyber drama. Amidst the chaos of BreachForums’ crackdown, ShinyHunters’ elusive maneuvers, and the emergence of LockBit ransomware imposters, organizations navigating this digital frontier can find solace in vigilant allies like SOCRadar.

SOCRadar Dark Web Monitoring


With its Dark & Deep Web Monitoring solution, SOCRadar serves as a steadfast guide, detecting and neutralizing cyber threats with the precision of a seasoned tracker. As the cyber landscape continues to evolve, organizations can rely on SOCRadar to navigate the intricate web of threats and safeguard their digital assets effectively.