cyware: BreachForums Down, But Not Out: Hackers Claim Attack, Admins Remain Unfazed

Summary: The clearnet domain of the BreachForums data leak and hacking forum has been taken down by rival threat actors, who have announced a breach of user data and threatened to leak user details. The TOR version of the site remains operational.

Threat Actor: R00TK1T
Victim: BreachForums

Key Points:

  • Rival threat actor group R00TK1T, along with the pro-Russian gang Cyber Army of Russia, has taken down the clearnet domain of the BreachForums data leak and hacking forum.
  • The hackers have claimed a breach of user data and threatened to leak a list of the forum’s users, IP addresses, and emails.
  • The TOR version of the site remains operational.
  • R00TK1T is known for making grand claims about significant data breaches, which often turn out to be publicly available data.
  • BreachForums has faced previous troubles, including the arrest of its former owner and a temporary shutdown due to suspicion of compromise.

The clearnet domain of the notorious BreachForums data leak and hacking forum has been taken down by rival threat actors. The threat actor group R00TK1T, along with the pro-Russian gang Cyber Army of Russia, announced a breach of user data following the BreachForums takedown.

R00TK1T was previously responsible for an attack campaign targeting the Malaysian government and various private entities, including one of Malaysia’s leading telecommunications operators.

The hackers responsible for the attack on BreachForums also claimed that they would leak a list of the forum’s users, IP addresses and emails. Despite the attack, the TOR version of the site remains operational.

Groups Claim More Surprises for Hacker Community and Active Users

Breach Forums Take Down
Source: R00TK1TOFF Telegram channel

R00TK1TOFF claimed on Telegram that the site ‘has currently crashed due to the extent of our attack, which was executed with extreme precision and efficiency.’ The DDoS campaign against the site had been conducted as a joint operation by both groups. However, the BreachForums TOR address remains active and is known to implement DDoS protection.

Cybersecurity firm Hackmanac claimed in a note on X (Twitter) that:

R00TK1T is known for making grand claims about significant data breaches, which more often than not turn out to be merely a collection of publicly available data. Given the group’s reputation, the threat to publish the IP and email addresses is likely to be a mere republishing of user details that were leaked last year by more credible threat actors.

Baphomet Issues Statement Regarding BreachForums Take Down

Baphomet, the administrator of BreachForums, made a statement about the incident on Telegram: ‘The domain is currently suspended. We’re working on it. We apologize for any inconvenience.’ He further advised users to access the forums via the TOR site until the issue was sorted.

In a later post via Telegram, Baphomet joked that the action must have been the work of the Five Eyes network along with various other large nations ‘working together to silence our forums.’ He then downplayed the takedown of the .cx domain, recommending that users switch to a temporary new domain (breachforums.st).

BreachForums take down
Source: Baphomet Official Telegram channel

He stated that the .st domain would temporarily function as their main site while the admins work on ‘protection over the next week that’ll make these one-time suspensions less effective’, while emphasizing the availability of the TOR domain at all times. He then claimed that nothing had been ‘seized, hacked, or even reasonably attacked.’

He noted that while the site might experience DDoS attacks and downtime, it would always come back. He advised users to be patient while thanking the community for being patient with such incidents.

R00TK1T later responded in its own channel that Baphomet was denying the attacks and that, together with the Cyber Army of Russia, it would ‘unleash a torrent of chaos that will leave you (Baphomet) reeling.’

BreachForums has faced a series of troubles in recent times, including the arrest of its former owner Conor Brian Fitzpatrick (pompompurin), followed by an official seizure of the site by the Federal Bureau of Investigation (FBI) in cooperation with several U.S. agencies. The FBI stated in an affidavit that during the time of seizure, it had access to the BreachForums database.

A forum administrator operating under the screen name “Baphomet” took ownership of the website and its operations after the arrest of Fitzpatrick. The site was temporarily shut down after Baphomet suspected that the forum was still compromised. However, Baphomet later reopened the forum to the public with the aid of black-hat hacking group ShinyHunters.

ShinyHunters was previously responsible for several large-scale data breach attacks, obtaining about 200 million records of stolen data from various companies.

Source: https://thecyberexpress.com/breachforums-take-down-after-attack/