The Digital Shadows Photon Research Team has been investigating a pro-Ukrainian cybercrime forum called Dumps, which appears to be one of them
- Alex Scroxton, Security Editor
August 12, 2022 17:15
A team of researchers from the Photon Research Team at Digital Shadows posted this week about an underground Russian-language cybercrime forum that stands out from the crowd for a new but not entirely surprising reason: it explicitly targets only victims in Russia and Belarus.
The Dumps forum appears to have been established within the last three months. According to the Photon team, it has a small membership of around 100, and it doesn’t appear to have vetted them yet. Like most of its peers, it includes sections that provide cyberattacks as a service, data breaches, illegal material, grooming support, malware, and access to compromised networks.
But unlike its peers, the actual goal of Dumps, to support Ukraine’s war effort, was clear from the outset; its mission statement translates as: “Information services/leaks or other services on our forums are only allowed to be related to two countries, the Russian Federation and Belarus. Mentioning topics from other countries is not allowed. This is the main rule of our forum.”
This intent is also expressed through links that redirect to information about the ongoing conflict in Ukraine and to Ukrainian and pro-Ukrainian charities.
The Photon team says that while Russia’s invasion of Ukraine has been condemned worldwide, the conflict has proven to be very divisive within the cybercrime community, which is, of course, largely influenced by Russian actors.
“Opinions on Russian President Vladimir Putin’s so-called ‘special forces action’ depend on several factors, notably the cybercriminal’s background, political beliefs, or other drivers of nationalism,” they wrote. “As we’ve reported in our previous blog, some internet users are already actively involved in the conflict, playing an active role in targeted data breaches, distributed denial of service [DDoS] attacks, and defacement campaigns against Russian organizations.”
However, they continued, Dumps seems to be the only cybercrime forum to have taken a pro-Ukraine position. “[This] puts the Dumps forum in a unique position, while also portraying a goal for itself; if the forum grows into a well-known and successful project, it will likely become a target for pro-Russian network criminals to fight back,” the Photon researchers added.
“What the forum admins can best emphasize is the brazenness of the forum, actually posting their location, which points to a residential apartment in Kyiv. The roof of the building contains insults to Vladimir Putin. We don’t know if this location is really the administrator’s home, but it underscores the spirit of defiance and resistance that built the forum.”
The forum’s rules state that all topics must be directed towards anti-Russian or anti-Belarusian activity, and most of what happens within its confines is related to sharing leaked data, promoting DDoS attacks, forged and stolen identities and credentials, and “bulletproof” hosting services, the researchers said. Some sections of the forum, such as those related to grooming or initial access brokers [IABs], don’t actually have any activity.
To a certain extent, the largest active part of Dumps is dedicated to leaking data stolen from Russian government agencies and private sector companies, including some utility providers.
The DDoS-as-a-service portion of Dumps also enables users to invoke a DDoS attack on any network resource, starting at $80 for an hour of bombardment and at $500 for a 24-hour Layer 4 attack with firepower of up to 500Gbps. A Layer 7 DDoS attack costs about $100 more.
The third most active part, called “probiv” (Russian slang that roughly translates as “find”), is designed to advertise information services through which cybercriminals can find information about their potential targets, at a price. Some of the items currently available include Russian passport information, criminal records (including convictions for possession of illegal weapons), and information related to the purchase of airline tickets out of Russia.
The Photon team hypothesized that this might indicate that of particular interest to Dumps administrators and users are Russian citizens sympathetic to the Ukrainian cause, some of whom may be inclined to try to travel to Ukraine as mercenaries or partisans. One can also infer this from the fact that forum content is written almost entirely in Russian (which many Ukrainians speak) rather than Ukrainian (which most Russians don’t). Incidentally, Dumps claims to be blocked in Russia.
The Photon team says Dumps may still be trying to establish itself, so it’s still relatively easy to find and join, although if it becomes too well known, especially in the pro-Russian underground, this will pose an operational security risk to its administrators.
“The Dumps forum may play an important role in the war in progress between Russia and Ukraine; as a hub for hacker activists and patriotic cyber threat actors, as a symbol of resistance, and as having a visible impact on the cyber battlefield,” they said.
“Any success in the Dumps forum would attract unwanted attention. The ban on Russian citizens from accessing the forum underscores the attention the forum has received from the Russian government. The success of the Dumps forum also has the potential to inspire other services looking to play a role in the ongoing conflict.”