What's happened?
BreachForums is an online forum and illegal marketplace which had gained notoriety as the most popular website for selling credentials and data breaches. In recent years threat actors have been able to operate with impunity, selling everything from credit cards to medical information and government secrets. On 15 May 2024 the FBI seized control of the BreachForums website and its associated Telegram channels.
What this means and what happens next
The real impact of law enforcement intervention comes from arrests of major players and site administrators. It is also a common tactic for the FBI to seize a site but allow it to operate for a brief period before taking it offline, to capture necessary evidence of activity for court cases. Crossword’s Threat Intelligence team observed disruptions to BreachForums site availability and fluctuations in the URLs in April-May 2024, which are assessed as possibly related.
Law enforcement takedowns happen every few months and whilst it is crucial to disrupt criminal activity, based on similar historical events it is highly likely another forum will gain prominence soon after. There will likely be a lull in activity, then many of the usual suspects will appear on another forum and the cycle will begin again. Arrests are likely to be announced in the media in the coming weeks.
How does this impact me?
When a new site becomes available for criminal activity, users will be keen to gain a reputation on the new site, which is highly likely to encourage a renewed interest in conducting attacks using third party credentials. It is crucial that you have an appropriate tool in place, such as Trillion Breach, which allows your business to become aware of credential breaches and remediate them as quickly as possible.
