Hackers Claim Responsibility After BreachForums Take Down
Threat actor group R00TK1T & Cyber Army of Russia claim responsibility for BreachForums take down
Alan Joseph April 16, 2024 Dark Web News, Firewall Daily Reading Time: 3 mins read 0
591 3.3k Share on LinkedInShare on Twitter
The clearnet domain of the notorious BreachForums data leak and hacking forum has been taken down by rival threat actors. The threat actor group, R00TK1T, along with the pro-Russian gang Cyber Army of Russia, announced a breach of user data following the BreachForums take down.
R00TK1T was previously responsible for an attack campaign targeting the Malaysian government and various private entities including one of one of Malaysia's leading telecommunications operators.
The hackers responsible for the attack on BreachForums also claimed that they would leak a list of the forum's users, IP addresses and emails. Despite the attack, the TOR version of the site remains operational.
Groups Claim More Surprises for Hacker Community and Active Users
Source: R00TK1TOFF Telegram channel
R00TK1TOFF claimed on Telegram, that the site ‘has currently crashed due to the extent of our attack, which was executed with extreme precision and efficiency.' The DDoS campaign against the site had been conducted in a joint-effort operation of both groups. However, the BreachForums TOR address remains active and is known to implement DDoS protection.
Cybersecurity firm Hackmanac claimed in a note on X (Twitter) that:
R00TK1T is known for making grand claims about significant data breaches, which more often than not turn out to be merely a collection of publicly available data. Given the group's reputation, the threat to publish the IP and email addresses is likely to be a mere republishing of user details that were leaked last year by more credible threat actors.
Baphomet Issues Statement Regarding BreachForums Take Down
Baphomet, the administrator of BreachForums, made a statement about the incident on Telegram: ‘The domain is currently suspended. We're working on it. We apologize for any inconvenience.' He further advised its users to access the forums through via the TOR site until the issue was sorted.
In a later post via Telegram, Baphomet joked that the action must have been the work of the Five Eyes network along with various other large nations ‘working together to silence our forums.' He then downplayed the takedown of the .cx domain, recommending users to switch to a temporary new domain (breachforums.st).
Source: Baphomet Official Telegram channel
He stated that the .st domain would temporarily function as their main site while the admins work on ‘protection over the next week that'll make these one-time suspensions less effective' while emphasizing on the availability of the TOR domain at all times. He then claimed that nothing had been ‘seized, hacked, or even reasonably attacked.'
Noting that while their site might experience DDoS attacks and downtime, they would always come back. He advised users to be patient while thanking the community for being patient with such incidents.
R00TK1T, later responded in its own channel that Baphomet was denying the attacks and that together with the Cyber Army of Russia would ‘unleash a torrent of chaos that will leave you (Baphomet) reeling.
BreachForums has faced a series of troubles in recent times, including the arrest of its former owner Conor Brian Fitzpatrick (pompompurin), followed by an official seizure of the site by the Federal Bureau of Investigation(FBI) in cooperation with several U.S. agencies. The FBI stated in an affidavit that during the time of seizure, it had access to the BreachForums database.
A forum administrator operating under the screen name “Baphomet” took ownership of the website and its operations after the arrest of Fitzapatrick. The site was temporarily shut down after Baphomet's suspicion of the forum still being compromised. However, Baphomet later reopened the forum to the public with the aid of black-hat hacking group ShinyHunters.
ShinyHunters was previously responsible for several large-scale data breach attacks, obtaining about 200 million records of stolen data from various companies.
