BreachedForum Down, ARES Up: Cyber Threat Continues

It seems that taking down one malicious site only creates a temporary disruption, as another quickly takes its place. As BreachedForum shuts down, Cyfirma spotted the emergence of ARES. ARES shows cartel-like behavior by seeking affiliations with other hackers and ransomware operators.

Diving into details

The actor surfaced on Telegram at the end of 2021 and has been linked to the RansomHouse ransomware campaign, as well as the KelvinSecurity data leak platform and the Adrastea network access group.
  • The ARES Leaks platform is hosted on the clear net and offers access to data leaks from 65 nations, including the U.S., Italy, Australia, France, and Spain. The leaks contain every kind of information, such as passports, names, contact details, company databases, and forex data, among others.
  • ARES Leaks' activities have increased after BreachedForum's shutdown, raising concerns regarding the threat group’s efforts to become a new alternative.

Another leak site

  • Apart from ARES Leaks, the threat group supports another project, named LeakBase, which launched earlier this year. 
  • LeakBase is hosted on the regular web and offers free databases and space for selling leads, leaks, services, and exploits. 

Why this matters

Well-known threat actors are already leveraging the ARES platform to sell compromised data, suggesting that the group is gaining traction in the cybercriminal community. 
  • Furthermore, the group is expanding its operations by recruiting pen-testers, malware developers, and other skilled resources. 
  • In addition, the group has recently completed the construction of a forum that was launched on March 31. This forum has the potential to become an effective platform for enhancing the group's operational efficiency.

Not just ARES

  • Resecurity identified another darknet marketplace, Styx, that specializes in aiding financial fraud, money laundering, and identity theft.
  • The forum was launched in January this year and provides services such as data dumps, stolen credentials, DDoS attacks, banking trojans, and 2FA/MFA bypass solutions, among others.
  • The identification of Styx is significant since there has been a surge in attackers offering money laundering services that abuse cryptocurrency accounts and digital banking.

The bottom line

The emergence of well-organized and resourceful marketplaces on the dark web is a cause for concern that highlights the importance of collaboration among various threat actors. Both ARES and Styx appear to have clear goals to establish a cybercriminal ecosystem for both buyers and sellers. Organizations are advised to implement proactive security defenses and stay vigilant against such threats.
Cyware Publisher