The infamous online cybercrime marketplace, Cracked, has resurfaced after going offline three months ago following a law enforcement operation. Along with Cracked, the recently disrupted BreachForums is also back online, although there are doubts about its authenticity.
Cracked, which was launched in 2018 and amassed over 4 million users, was shut down as part of “Operation Talent,” along with another marketplace called Nulled. The seizure of 12 domains, financial processors, and hosting services used by Cracked dealt a blow to the operators, prompting them to confirm the disruption on their Telegram channel.
However, as is often the case with cybercrime forums, Cracked has made a comeback using new infrastructure and domain names. The forum, previously known as Cracked.io, reemerged as Cracked.sh on April 14, using a top-level domain associated with a British Overseas Territory. The new administrators claimed to have restored a backup from January to create the new site, which now boasts 4.7 million users and features new payment options.
Despite claims that seized servers were encrypted to prevent law enforcement access, threat intelligence firm Kela managed to log into the new version using old credentials, suggesting a legitimate relaunch. This indicates that the international law enforcement operation only caused a temporary setback to Cracked’s operations.
In contrast, Nulled remains offline after the seizure, with Spanish police arresting two individuals suspected of being administrators. The lack of arrests in the case of Cracked suggests that the management team is still at large, allowing them to revive the forum.
Meanwhile, the English-language cybercrime marketplace BreachForums has faced disruptions attributed to a group called “Dark Storm Team” claiming responsibility for distributed denial-of-service attacks. The uncertainty surrounding the site’s status, whether seized by law enforcement or disrupted by the group, has led cybersecurity researchers to advise caution.
A purported new version of BreachForums briefly appeared before displaying a “currently closed” message, sparking debates in various Telegram channels. The legitimacy of the new site, Breached.fi, has been questioned by someone claiming to be the real admin Anastasia, casting doubt on its affiliation with the original community. Additionally, existing credentials do not work on the new site, raising concerns about its authenticity or potential ties to criminal activities.
As the cybercrime marketplaces engage in a game of cat and mouse with law enforcement, the evolving landscape underscores the challenges in distinguishing between legitimate operations and deceptive tactics. With forums like Cracked and BreachForums resurfacing amidst disruptions and skepticism, the cybersecurity community remains vigilant in monitoring the underground economy for illicit activities.