Domains used by notorious hacking group ShinyHunters for Salesforce hacks disrupted in FBI takedown

News
By published

Two domains were seized, but one returned quickly

BreachForums
(Image credit: Future)
  • Law enforcement seizes domains used by Scattered Lapsus$ Hunters
  • Files from Salesloft/Salesforce breach were leaked
  • The group stated "the era of forums is over"

The domains used by Scattered Lapsus$ Hunters to host data leak websites were reportedly seized by law enforcement just as the group was about to leak files stolen in the Salesloft/Salesforce breach. It didn’t stop the leaks, though.

The clearnet domain breachforums.hn was defaced, showing the usual FBI placeholder - “this domain has been seized”. This domain was previously used to reestablish BreachForums, an infamous underground website where cybercriminals exchanged knowledge, tools, and stolen goods, but after the forum was taken down by the FBI for the second time, it was propped back up by Scattered Lapsus$ Hunters, to be used as a data leak and extortion site.

Just days before the latest takedown, Scattered Lapsus$ Hunters announced they would start leaking the data stolen in the Salesloft/Salesforce breach, and even shared the exact moment when the files would go online. In an obvious attempt to thwart the leaks, the FBI, together with French authorities, took down not just breachforums.hn, but also the Tor site. However, this one was restored rather quickly, and files belonging to multiple companies were leaked.

Forums are dead

Among the victims were Qantas, Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea, and Adidas. Files belonging to more than 40 companies were leaked.

Unfortunately, no arrests were made, meaning Scattered Lapsus$ Hunters can just prop the forum back up and pick up where they left off. However, according to BleepingComputer, the group has no intention of resurrecting the famous forum, reportedly saying: "The era of forums is over".

It seems Telegram groups will be taking over, serving as improvised forums with a little more resilience to them.

Another reason for the pivot away from forums, according to CyberInsider, is the fact that the FBI “destroyed” database backups dating back to 2023, along with all escrow databases.

The hackers also apparently said that all hacking forums that emerge after BreachForums should be considered honeypots propped up by cybersecurity researchers and law enforcement, and as such, should be avoided.

Via BleepingComputer

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.