Have the hackers been hacked?
Picture: ACS - supplied
Article Excerpt:
Duplicate BreachForums sites could be traps.
After disappearing in early April, hacking forum BreachForums has resurfaced through multiple clone websites which security experts suggest may be part of a covert law enforcement takedown.
BreachForums has provided hackers with a discussion and trading platform since March 2022, with its illicit data brokerage being linked to such cyberattacks as the 2022 Optus attack and this year’s alleged mega breach at cloud giant Oracle.
On 15 April, the platform disappeared in what appeared to be a distributed denial of service (DDoS) attack.
The platform has long served as the internet's black-hat 'village square' — while ransomware gangs tend to operate on hidden dark web blogs, BreachForums has provided cybercriminals a centralised, mainstream avenue to meet other criminals, discuss data breaches, share hacking tools and trade stolen data.
With its domain made unreachable and its criminal userbase left guessing whether the site had been compromised by law enforcement or rival hackers, the site quietly returned on Monday with nothing but a text message signed by an anonymous “BreachForums Administration” member.
The self-declared administrator explained an open-source forum software used by BreachForums had been subject to a zero-day vulnerability – prompting them to “immediately” shut down the platform’s infrastructure and conduct “incident response procedures”.
Evan Vougdis, one of our Cyber Directors and Cyber Threat Intelligence Practice Lead provided comment in this article:
Evan Vougdis, Cyber Director at Sydney-based cybersecurity firm NSB Cyber, told Information Age the clone websites were unlikely to be legitimate.
“While many clone sites are popping up, it’s unlikely these sites represent legitimate infrastructure relating to BreachForums, but rather potential law enforcement or scam honeypots designed to monitor, entrap, or defraud cybercriminals,” he said.
BreachForums later resurfaced under self-proclaimed operators Shiny Hunters, who famously used the platform to spruik an alleged data breach of ticketing and events giant Ticketmaster in 2024, before being passed to hacker ‘IntelBroker’ and, later, another hacker named ‘Anastasia’.
“This isn’t the first time we’ve seen BreachForums face potential law enforcement disruption, with the FBI seizing its domains multiple times,” said Vougdis.
“While its unlikely to be the end for BreachForums, one thing that isn’t clear right now is who is managing the site.”
Source: Information Age - ACS - Thursday 1 May 2025
Author: By Leonard Bernardone
Reference: Have the hackers been hacked?