Hackers Target Russian Cybercrime Forums

Elite cybercrime forum Maza aka MFclub has been taken over by hackers, according to new research by risk intelligence company Flashpoint.

The Russian-language forum, which was originally known as Mazafaka, has served thousands of cyber-criminals since its launch in 2003. 

"Little is known at this time about the attackers who successfully compromised Maza," wrote Flashpoint researchers. But thanks to the data allegedly leaked in the attack, quite a lot has come to light about the site's users. 

Among the allegedly leaked Maza data obtained by Flashpoint analysts was user IDs, usernames, emails, passwords, and details for AIM, Yahoo, MSN, and Skype. 

"While the compromised data appears to be extensive, it’s worth noting that the passwords have been hashed and most other data fields included in the dump have been hashed or further obfuscated," wrote researchers.

Cyber-intelligence firm Intel 471 said that the leaked files comprised more than 3,000 rows of information and that claims that the database belongs to Maza appear to be legitimate. 

Whoever was behind the cyber-attack did not attempt to keep it on the down low, opting instead to post a warning on the forum that read “Your data has been leaked” and “This forum has been hacked.”

The incident is the third attack on Russian-language online forums used by cyber-criminals this year. Verified was compromised on January 20, 2021, when the forum's domain registrar was hacked, and another online community, Exploit, was the target of an unsuccessful Distributed Denial of Service (DDoS) attack.

Flashpoint analysts have observed Exploit users discussing whether the string of attacks is a new tactic by law enforcement to make it harder for criminals to communicate by sowing the seeds of distrust among forum users. 

The company said it is "actively monitoring cybercriminal discussions of Maza across the entire cybercriminal forum ecosystem commenting on the recent disruptions to many elite services and communities."

This latest incident is not the first time Maza has been hacked. On February 18, 2011, the data of more than 2,000 cyber-criminal users, along with all of their forum correspondence, was exposed. 

What’s Hot on Infosecurity Magazine?