05-16-2024, 01:55 PM
News FBI Seized BreachForums’ Web Domains and Telegram Accounts
<p><img width="1000" height="467" src="https://thecyberexpress.com/wp-content/uploads/BreachForums-Seized.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="BreachForums seized" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/BreachForums-Seized.webp 1000w, https://thecyberexpress.com/wp-content/u...0x140.webp 300w, https://thecyberexpress.com/wp-content/u...8x359.webp 768w, https://thecyberexpress.com/wp-content/u...0x280.webp 600w, https://thecyberexpress.com/wp-content/u...50x70.webp 150w, https://thecyberexpress.com/wp-content/u...0x350.webp 750w" sizes="(max-width: 1000px) 100vw, 1000px" /></p>The notorious BreachForums seized for the second time in a year.
The U.S. law enforcement today seized the clear web domain of the second version of BreachForums - popularly known as a Breached hacking forum in the underground market - that helped sell stolen data and credentials.
Hosted at BreachForums[.]st, the domain now shows a seizure banner saying the website was taken down by the FBI and the U.S. Department of Justice with assistance from international partners.
Other law enforcement authorities worldwide were also part of this action, including the Australian Federal Police, the U.K. National Crime Agency, New Zealand Police, police department of the canton of Zürich in Switzerland and Icelandic Police, among others.
As is common with domain seizure messages, law enforcement displayed the logo for the site. It however took an unconventional approach by also featuring two avatar's - likely of BreachForums' administrators "Baphomet" and "ShinyHunters" - behind bars in the seizure banner.
<h3>BreachForums Seized</h3>
The message on the banner reads: "We are reviewing this site's backend <a class="wpil_keyword_link" title="data" href="https://thecyberexpress.com/what-is-data/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="3994">data</a>. If you have information to report about cybercriminal activity on BreachForums, please contact us."
The law enforcement has also shared a <a href="https://breachforums.ic3.gov/">link</a> to a form hosted on the Internet Crime Complaint Center. The FBI has put out a questionnaire for victims or individuals that have information to assist in any of the investigations against BreachForums v2, BreachForums v1, or Raidforums.
A summary of the takedown of BreachForums on this portal says, "The Federal Bureau of Investigation (<abbr>FBI</abbr>) is investigating the criminal <a class="wpil_keyword_link" title="hacking" href="https://thecyberexpress.com/what-is-hacking/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="3993">hacking</a> forums known as BreachForums and Raidforums.
"From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services."
Earlier a separate version of BreachForums hosted at breached.vc/.to/.co and run by <a href="https://thecyberexpress.com/breachforums-admin-pompompurin-pleaded-guilty/" target="_blank" rel="noopener">pompompurin</a> between March 2022 to 2023 was <a href="https://thecyberexpress.com/breachforums-down-migration-on-says-new-admin/">seized</a> by the U.S. law enforcement in June 2023.
Raidforums, hosted at raidforums.com and run by an admin under the moniker "Omnipotent" was the predecessor hacking forum to both version of BreachForums and ran from early 2015 until February 2022.
*The Telegram channel of "Baphomet," one of the administrators behind the BreachForums, has also been seized, according to a pinned message from the law enforcement on his channel.
[caption id="attachment_68571" align="aligncenter" width="446"]<img class="wp-image-68571 size-full" src="https://thecyberexpress.com/wp-content/uploads/Baphomet.png" alt="BreachForums Seized" width="446" height="358" /> Credit: <a class="wpil_keyword_link" title="Dark Web" href="https://thecyberexpress.com/firewall-daily/dark-web-news/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="3996">Dark Web</a> Intelligence[/caption]
<h3>ShinyHunters Confirms Baphomets Arrest</h3>
*Shiny Hunters, one of the administrators of the BreachForums, allegedly confirmed on a Telegram channel called "BF Announcements" the arrest of Baphomet and said that the law enforcement did not get to anyone from the ShinyHunters gang.
[caption id="attachment_68843" align="aligncenter" width="300"]<img class="wp-image-68843" src="https://thecyberexpress.com/wp-content/uploads/Shiny-496x1024.jpeg" alt="BreachForums Seized" width="300" height="619" /> Message on BF Announcements Telegram channel[/caption]
Later in the same channel the administrator claimed that the domain was recovered back from the law enforcement's control, as was the case during the BreachForums v1 takedown where the cat and mouse game went on for a while between the two.
The Cyber Express tried to verify this claim and saw that the domain is now redirecting to a Telegram chat group called "Jacuzzi 2.0"
The FBI and Justice Department spokespersons were not immediately available for comment when contacted by <a href="https://thecyberexpress.com/cyber-news/" target="_blank" rel="noopener">The Cyber Express</a> for details on the latest claims.
<em>This is a developing story. The article will be updated with the latest information as it becomes available.</em>
<em>Update 1*: Added Telegram account seizure details along with screenshot.</em>
<em>Update 2* May 16 - 9:40 AM (UTC) : Added details from Shiny Hunters' BF Announcements Telegram channel that allegedly confirmed details of one of the administrators of BreachForums - Baphomets - arrest.</em>
<span style="color: #ff0000;"><i>Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. <a style="color: #ff0000;" href="https://thecyberexpress.com/" target="_blank" rel="noopener">The Cyber Express</a> assumes no liability for the accuracy or consequences of using this information.</i></span>
https://thecyberexpress.com/breachforums...yet-again/
<p><img width="1000" height="467" src="https://thecyberexpress.com/wp-content/uploads/BreachForums-Seized.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="BreachForums seized" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/BreachForums-Seized.webp 1000w, https://thecyberexpress.com/wp-content/u...0x140.webp 300w, https://thecyberexpress.com/wp-content/u...8x359.webp 768w, https://thecyberexpress.com/wp-content/u...0x280.webp 600w, https://thecyberexpress.com/wp-content/u...50x70.webp 150w, https://thecyberexpress.com/wp-content/u...0x350.webp 750w" sizes="(max-width: 1000px) 100vw, 1000px" /></p>The notorious BreachForums seized for the second time in a year.
The U.S. law enforcement today seized the clear web domain of the second version of BreachForums - popularly known as a Breached hacking forum in the underground market - that helped sell stolen data and credentials.
Hosted at BreachForums[.]st, the domain now shows a seizure banner saying the website was taken down by the FBI and the U.S. Department of Justice with assistance from international partners.
Other law enforcement authorities worldwide were also part of this action, including the Australian Federal Police, the U.K. National Crime Agency, New Zealand Police, police department of the canton of Zürich in Switzerland and Icelandic Police, among others.
As is common with domain seizure messages, law enforcement displayed the logo for the site. It however took an unconventional approach by also featuring two avatar's - likely of BreachForums' administrators "Baphomet" and "ShinyHunters" - behind bars in the seizure banner.
<h3>BreachForums Seized</h3>
The message on the banner reads: "We are reviewing this site's backend <a class="wpil_keyword_link" title="data" href="https://thecyberexpress.com/what-is-data/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="3994">data</a>. If you have information to report about cybercriminal activity on BreachForums, please contact us."
The law enforcement has also shared a <a href="https://breachforums.ic3.gov/">link</a> to a form hosted on the Internet Crime Complaint Center. The FBI has put out a questionnaire for victims or individuals that have information to assist in any of the investigations against BreachForums v2, BreachForums v1, or Raidforums.
A summary of the takedown of BreachForums on this portal says, "The Federal Bureau of Investigation (<abbr>FBI</abbr>) is investigating the criminal <a class="wpil_keyword_link" title="hacking" href="https://thecyberexpress.com/what-is-hacking/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="3993">hacking</a> forums known as BreachForums and Raidforums.
"From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services."
Earlier a separate version of BreachForums hosted at breached.vc/.to/.co and run by <a href="https://thecyberexpress.com/breachforums-admin-pompompurin-pleaded-guilty/" target="_blank" rel="noopener">pompompurin</a> between March 2022 to 2023 was <a href="https://thecyberexpress.com/breachforums-down-migration-on-says-new-admin/">seized</a> by the U.S. law enforcement in June 2023.
Raidforums, hosted at raidforums.com and run by an admin under the moniker "Omnipotent" was the predecessor hacking forum to both version of BreachForums and ran from early 2015 until February 2022.
*The Telegram channel of "Baphomet," one of the administrators behind the BreachForums, has also been seized, according to a pinned message from the law enforcement on his channel.
[caption id="attachment_68571" align="aligncenter" width="446"]<img class="wp-image-68571 size-full" src="https://thecyberexpress.com/wp-content/uploads/Baphomet.png" alt="BreachForums Seized" width="446" height="358" /> Credit: <a class="wpil_keyword_link" title="Dark Web" href="https://thecyberexpress.com/firewall-daily/dark-web-news/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="3996">Dark Web</a> Intelligence[/caption]
<h3>ShinyHunters Confirms Baphomets Arrest</h3>
*Shiny Hunters, one of the administrators of the BreachForums, allegedly confirmed on a Telegram channel called "BF Announcements" the arrest of Baphomet and said that the law enforcement did not get to anyone from the ShinyHunters gang.
[caption id="attachment_68843" align="aligncenter" width="300"]<img class="wp-image-68843" src="https://thecyberexpress.com/wp-content/uploads/Shiny-496x1024.jpeg" alt="BreachForums Seized" width="300" height="619" /> Message on BF Announcements Telegram channel[/caption]
Later in the same channel the administrator claimed that the domain was recovered back from the law enforcement's control, as was the case during the BreachForums v1 takedown where the cat and mouse game went on for a while between the two.
The Cyber Express tried to verify this claim and saw that the domain is now redirecting to a Telegram chat group called "Jacuzzi 2.0"
The FBI and Justice Department spokespersons were not immediately available for comment when contacted by <a href="https://thecyberexpress.com/cyber-news/" target="_blank" rel="noopener">The Cyber Express</a> for details on the latest claims.
<em>This is a developing story. The article will be updated with the latest information as it becomes available.</em>
<em>Update 1*: Added Telegram account seizure details along with screenshot.</em>
<em>Update 2* May 16 - 9:40 AM (UTC) : Added details from Shiny Hunters' BF Announcements Telegram channel that allegedly confirmed details of one of the administrators of BreachForums - Baphomets - arrest.</em>
<span style="color: #ff0000;"><i>Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. <a style="color: #ff0000;" href="https://thecyberexpress.com/" target="_blank" rel="noopener">The Cyber Express</a> assumes no liability for the accuracy or consequences of using this information.</i></span>
https://thecyberexpress.com/breachforums...yet-again/