Cyber criminal forum targets only Russia
Researchers at Digital Shadows’ Photon Research Team have this week published details of an underground Russian-language cyber criminal forum that stands out from the crowd for a new, though not altogether surprising, reason – it explicitly targets only victims in Russia and Belarus.
The Dumps Forum appears to have been established within the past three months and, according to the Photon team, it has a small membership of around 100 people – it does not yet appear to vet them. Like most of its peers, it contains sections offering cyber attacks as a service, data leaks, illicit materials, carding help, malware and access to compromised networks.
But unlike its peers, Dumps makes it abundantly clear from the get-go that its actual aim is to support the Ukrainian war effort; its mission statement translates as: “Information services/leaks or other services on our forum are allowed in relation to only two states, these are the Russian Federation and Belarus. Topics that mention other countries are not allowed. This is the main rule of our forum.”
This intent is also expressed through redirect links to information on the ongoing war in Ukraine, and to Ukrainian and pro-Ukraine charity organisations.
The Photon team said that while Russia’s invasion of Ukraine has been condemned around the world, the war has proved very divisive in the cyber criminal community – which is, of course, heavily influenced by Russian actors.
“Opinions on Russian president Vladimir Putin’s so-called ‘special military operation’ depend on several factors, notably the cyber criminal’s background, political beliefs or other nationalistic drivers,” they wrote.
“As we’ve reported in previous blogs, some internet users have taken it on themselves to take an active role in the conflict, targeting Russian organisations with targeted data breaches, distributed denial of service [DDoS] attacks and defacement activity.”
However, they went on, Dumps seems to be the only cyber criminal forum to have adopted a pro-Ukraine stance. “[This] puts Dumps Forum in a unique position, whilst also painting a target on its own back; if the forum develops into a well-known and successful project, it will likely become a target of counter activity from Russia-supporting cyber criminals,” the Photon researchers added.
“The brazen nature of the forum is probably best emphasised by the forum administrator actually posting their location, which points to a residential home in Kyiv. The roof of the building contains an insult towards Vladimir Putin.
“We’ve no idea if this location is actually the admin’s home, however it emphasises the spirit of defiance and resistance in which the forum is built.”
The researchers said that the forum’s rules state all topics must be aimed at anti-Russian or Belarusian activity, and much of what goes on within its confines relates to sharing leaked data, promoting DDoS attacks, forged and stolen ID documents, and ‘bulletproof’ hosting services. Some sections of the forum, such as those relating to carding or initial access brokers [IABs], are in fact devoid of activity.
By some margin, the largest active section of Dumps is dedicated to leaked data stolen from Russian government bodies and private sector companies, including various utilities providers.
Dumps’ DDoS-as-a-service section, meanwhile, enables users to call in a DDoS attack on any network resource, starting at $80 for an hour-long bombardment or $500 for 24 hours at Layer 4, with up to 500Gbps of firepower. A Layer 7 DDoS attack costs about $100 more.
The third most active section is called ‘probiv’ (a Russian slang term that loosely translates as ‘look-up’), and is aimed at selling information services where cyber criminals can find information on their potential targets, for a price. Some of the items currently available include Russian passport data, criminal records including convictions for possessing illegal weapons, and information related to people buying tickets to leave Russia.
The Photon team postulated that this may suggest that Dumps’ admins and users are particularly interested in Russian citizens sympathetic to Ukraine’s cause, some of whom may be inclined to attempt to travel to Ukraine to act as mercenaries or partisans. One might infer this from the fact that the forum content is almost entirely written in Russian (which many Ukrainians speak) and not Ukrainian (which most Russians do not). Dumps claims, incidentally, to be blocked in Russia.
The Photon team said Dumps was likely still trying to establish itself, hence it remains relatively easy to find and join, although this presents an operational security risk to its admins should it become too well-known, particularly in the pro-Russian underground.
“Dumps Forum likely has an important role to play in the ongoing Russia-Ukraine war; as a hub for hacktivists and patriotic cyber threat actors, as a symbol of resistance, and making a demonstrable difference on the cyber battlefield,” they stated.
“Any success achieved by Dumps Forum will however attract unwanted attention. The ban on Russian citizens visiting the forum highlights that the forum is already on the radar of the Russian state. It is also realistically possible that the success of Dumps Forum may inspire other services looking to play a part in the ongoing conflict.”