In what’s a case of hackers getting hacked, a distinguished underground on-line felony discussion board by the title of Maza has been compromised by unknown attackers, making it the fourth discussion board to have been breached for the reason that begin of the 12 months.
The intrusion is claimed to have occurred on March 3, with details about the discussion board members — together with usernames, electronic mail addresses, and hashed passwords — publicly disclosed on a breach notification web page put up by the attackers, stating “Your knowledge has been leaked” and “This discussion board has been hacked.”
“The announcement was accompanied by a PDF file allegedly containing a portion of discussion board person knowledge. The file comprised greater than 3,000 rows, containing usernames, partially obfuscated password hashes, electronic mail addresses and different contact particulars,” cybersecurity agency Intel 471 said.
Initially referred to as Mazafaka, Maza is an elite, invite-only Russian-language cybercrime discussion board identified to be operational as early as 2003, performing as an unique on-line area for exploit actors to commerce ransomware-as-a-service instruments and conduct different types of illicit cyber operations.
The event comes shut on the heels of profitable breaches of different boards, together with that of Verified, Crdclub, and Exploit.
Verified is claimed to have been breached on January 20, 2021, with the actor behind the assault claiming entry to the whole database on one other fashionable discussion board referred to as Raid Boards, in addition to transferring $150,000 price of cryptocurrency from Verified’s bitcoin pockets to their very own. The discussion board, nonetheless, staged a return final month on February 18 with a change in possession, based on Flashpoint.
Then once more, in February, a cybercrime discussion board by the title of Crdclub disclosed an assault that resulted within the compromise of an administrator account with the objective of defrauding its members. No different private info seems to have been plundered.
“By doing so, the actor behind the assault was capable of lure discussion board prospects to make use of a cash switch service that was allegedly vouched for by the discussion board’s admins,” Intel 471 mentioned. “That was a lie, and resulted in an unknown sum of money being diverted from the discussion board.”
Lastly, earlier this week, the Exploit cybercrime discussion board sustained an assault that concerned an obvious compromise of a proxy server used for safeguarding the discussion board from distributed denial-of-service (DDoS) assaults.
Particulars are fuzzy as to the perpetrators of the assaults, with discussion board members speculating that it might be the work of a authorities intelligence company, whereas additionally distressing over the chance that their real-world identities might be uncovered within the wake of the leaks.
Flashpoint researchers noted that the Russian sentences on the Maza discussion board’s notification web page had been presumably translated utilizing a web based translator, however added it is unclear if this suggests the involvement of a non-Russian talking actor or if it was intentionally used to mislead attribution.
“Whereas Intel 471 is not conscious of anybody claiming duty for the breaches, whomever is behind the actions has not directly given researchers a bonus,” the corporate concluded. “Any info unearthed from the breaches aids within the battle in opposition to these criminals as a result of added visibility it provides safety groups who’re monitoring actors that populate these boards.”