Last Updated on 07/03/2021 by Drashti
Unknown attackers have compromised a prominent underground online criminal forum by the name of Maza, which is the fourth forum to be breached since the beginning of the year.
Breaches of other forums, including Verified, Crdclub, and Exploit, took place earlier this year.
The breach follows a series of attacks aimed mainly at Russian-speaking cybercrime forums. The loot is significant this time. It includes usernames, hashed passwords, email addresses and other contact information of Maza users.
Maza is one of the oldest and most elite cybercrime forums, previously known as Mazafaka. Since at least 2003, it has been the destination of all kinds of cybercriminals. Distribution of malware, money laundering, sale of stolen credit card data… you name it and they do it.
The group is known as the “elite” because entry is very difficult. Russian is the language of communication, prospective members must pay “insurance,” and at least three current members must vouch for a new member. In addition, without the specific encryption certificate provided by forum administrators, the forum is not accessible or even visible.
Some of the administrators of the forum are very well known. For example, Aleksei Burkov, a Maza administrator, was supposedly extradited to the USA from Israel at the end of 2019, and he serves at least one other hacker forum.
The Maza breach was found by Flashpoint researchers on 3 March.
“The announcement was accompanied by a PDF file allegedly containing a portion of forum user data. The file comprised more than 3,000 rows, containing usernames, partially obfuscated password hashes, email addresses and other contact details,” cybersecurity firm Intel 471 said.
Little is known about the identity of the hackers who breached Maza. Insiders believe the authorities were behind this attack and issued a “friendly warning” to discourage cybercriminals from carrying out illegal activities. However, the fact that the stolen data was dumped on the dark web suggests otherwise.
Researchers from Flashpoint pointed out that the Russian sentences on the notification page of the Maza forum may have been translated using an online translator, but it is unclear whether this implies a non-Russian-speaking actor or whether it was done intentionally to mislead attribution.
The hack shows how no one, including cybercriminals, is safe from cyber-attacks.