BREAKING: BreachForums Seized, Yet Again

All domains hosted at .st/.cx/.is/.vc and run by ShinyHunters seized

by Mihir Bagwe May 15, 2024 in Cybersecurity News, Firewall Daily, Governance Reading Time: 2 mins read 0

591 SHARES 3.3k VIEWS Share on LinkedInShare on Twitter

The notorious for the second time in a year.

The U.S. law enforcement today seized the clear web domain of the second version of BreachForums – popularly known as a Breached hacking forum in the underground market.

Hosted at BreachForums[.]st, the domain now shows a seizure banner saying the website was taken down by the FBI and the U.S. Department of Justice with assistance from international partners.

Other law enforcement authorities worldwide were also part of this action, including the Australian Federal Police, the U.K. National Crime Agency, New Zealand Police, police department of the canton of Zürich in Switzerland and Icelandic Police, among others.

As is common with domain seizure messages, law enforcement displayed the logo for the site. It however took an unconventional approach by also featuring two avatar's – likely of BreachForums' administrators “Baphomet” and “ShinyHunters” – behind bars in the seizure banner.

BreachForums Seized

The message on the banner reads: “We are reviewing this site's backend data. If you have information to report about cybercriminal activity on BreachForums, please contact us.”

The law enforcement has also shared a link to a form hosted on the Internet Crime Complaint Center. The FBI has put out a questionnaire for victims or individuals that have information to assist in any of the investigations against BreachForums v2, BreachForums v1, or Raidforums.

A summary of the takedown of BreachForums on this portal says, “The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums.

“From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services.”

Earlier a separate version of BreachForums hosted at breached.vc/.to/.co and run by pompompurin between March 2022 to 2023 was seized by the U.S. law enforcement in June 2023.

Raidforums, hosted at raidforums.com and run by an admin under the moniker “Omnipotent” was the predecessor hacking forum to both version of BreachForums and ran from early 2015 until February 2022.

The Telegram channel of “Baphomet,” one of the administrators behind the BreachForums, has also been seized, according to a pinned message from the law enforcement on his channel.*

Credit: Dark Web Intelligence

The FBI and Justice Department spokespersons were not immediately available for comment when contacted by The Cyber Express.

This is a developing story. The article will be updated with the latest information as it becomes available.

Update 1*: Added Telegram account seizure details along with screenshot.


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button