In our most recent weekly insight, we delved into the escalating drama within the underground cybercrime community, particularly focusing on a feud between two threat actors and the administrators of Breach Forums. The rift began when the threat actors were banned for doxing, a clear violation of the forum’s rules. One of the disgruntled hackers responded by leaking the entire official data leaks page of the forum.
Breach Forums features a marketplace where users buy credits to purchase data breaches. These credits are usually accumulated by selling breaches, leading to substantial collections for dedicated hackers. The banned threat actors, having amassed a significant number of breaches, decided to upload all the data for free on a file hosting site, undermining the forum’s revenue model, which relies on credit purchases with cryptocurrencies. This move has set the stage for what promises to be a contentious and chaotic few weeks.
On the corporate front, AT&T recently disclosed a breach in an 8-K report filed with the SEC, revealing a compromise initiated by the Shiny Hunters malware campaign. The breach originated from a data leak involving Snowflake, a cloud-based data platform, and affected over 150 companies. The breach first came to light when data from Ticketmaster appeared for sale on a notorious cybercrime forum. Despite SEC regulations mandating prompt disclosure, the FBI and DOJ granted AT&T two extensions due to potential national security risks.
In another twist, the FBI’s recent seizure of the Baphchat Telegram group has backfired. The group, associated with Baphomet and previously taken over during the FBI’s takedown of the OneBreach forum, has been reclaimed by a threat actor. A prominent threat actor and forum moderator celebrated the recovery, stating, "This is truly a heroic day for all of us and a shameful day for the FBI, who fumbled the seizure." The group’s link now proclaims, "This Telegram chat is under the control of Breachforums," and the chat is buzzing with threat actors rejoicing over the FBI’s blunder.
THIS MONTH'S SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
It's kicking off in the underground cyber crime community.
https://breachaware.com/research/its-kicking-off-in-the-underground-cyber-crime-community
A total of 25 breaches were found and analysed, resulting in 29,695,958 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Trello, 7k7k, Sword Fantasy, Zaimer and Xiaomi.
Kaspersky is being booted out of the USA.
https://breachaware.com/research/kaspersky-is-being-booted-out-of-the-usa
A total of 9 breaches were found and analysed, resulting in 2,948,750 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included Avito, Lulu Hypermarket, The Cellula, Boutique Curly and NATO Wiki.
Husky owners breach spreads like wildfire.
https://breachaware.com/research/husky-owners-breach-spreads-like-wildfire
A total of 18 breaches were found and analysed, resulting in 5,935,927 leaked accounts containing a total of 28 different data types. The breaches found publicly and freely available included Giant Tiger, Telegram Base 2019-2023, Stealer Log 0475, Stealer Log 0474 and Tattletale.
Doctors and physicians exposed, prime for phishing attacks.
https://breachaware.com/research/doctors-and-physicians-exposed-prime-for-phishing-attacks
A total of 32 breaches were found and analysed, resulting in 32,522,728 leaked accounts containing a total of 35 different data types. The breaches found publicly and freely available included IndiHome, LenDenClub, USA Business Men & Investor Database, US Doctor's Database 2024 and Stealer Log 0473.
"This is not white-hat hacking; it is extortion."
https://breachaware.com/research/this-is-not-white-hat-hacking-it-is-extortion
A total of 22 breaches were found and analysed, resulting in 20,007,669 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Russian Electronic School, Stealer Log 0470, piZap, USA Mobile Device Management Software (MDM) User Database and Ticketmaster.