The notorious online cybercrime marketplace known as Cracked has reportedly made a comeback, along with the recently disrupted BreachForums, although cybersecurity experts are casting doubt on these claims.
Cracked had gone offline three months ago, following the revelation that authorities had dismantled the infrastructure and activities of both Cracked and Nulled as part of “Operation Talent”. These two online cybercrime marketplaces had a combined user base of over 10 million individuals. Cracked, which was launched in 2018, specialized in selling hacking tools, offering server rental services for hosting malware and stolen data, and advertising stolen credentials. The site managed to amass over 4 million users and 28 million posts related to illicit activities, generating an estimated $4 million in illegal revenue.
In the wake of Operation Talent, law enforcement officials seized 12 domains associated with the platforms, as well as Cracked’s financial processor Sellix and a bulletproof hosting service called StarkRDP. Despite this crackdown, the operators of Cracked seem to have quickly reestablished their operations using new infrastructure and domain names. The forum, previously known as Cracked.io, resurfaced on April 14 as Cracked.sh, utilizing a domain associated with the British Overseas Territory of Saint Helena, Ascension and Tristan da Cunha. Reports suggest that the revived site currently boasts 4.7 million users and has introduced new payment options and transaction support.
According to threat intelligence firm Kela, researchers were able to log into the new version using credentials from the old site, indicating that this relaunch may indeed be legitimate. This development suggests that the international law enforcement operation targeting Cracked had only a limited impact.
On the other hand, the Nulled marketplace, which was seized alongside Cracked, remains offline. Spanish authorities arrested two individuals, one of whom has been identified as Lucas Sohn, suspected of being a key figure in Nulled. In contrast, no arrests have been reported in connection with Cracked, indicating that its management team remains at large.
Meanwhile, BreachForums, another well-known cybercrime marketplace, has been offline for a period. A group called “Dark Storm Team” has claimed responsibility for a recent outage through distributed denial-of-service attacks. Previous disruptions to the site have been attributed to law enforcement actions, with the administrator Intelbroker reportedly being apprehended in the past.
Despite claims of a new version of BreachForums being launched, doubts persist about the legitimacy of the site. Conflicting reports on various Telegram channels suggest that the new site may be a fake or a potential scam. Existing credentials from BreachForums do not currently grant access to the purported new site, leaving analysts uncertain about its true nature.
In conclusion, the cybercrime market continues to evolve despite law enforcement interventions, with underground forums like Cracked and BreachForums demonstrating a remarkable resilience in the face of disruptions. The ongoing cat-and-mouse game between authorities and cybercriminals underscores the challenges of combating illicit online activities in an increasingly digital world.