

Alleged BreachForums Owner Pompompurin Arrested on Cybercrime Charges

U.S. law enforcement arrested on Wednesday a New York man believed to be Pompompurin, the owner of the BreachForums hacking forum. According to court documents, he was charged with one count of conspiracy to solicit individuals to sell unauthorized access devices. During the arrest, the defendant allegedly admitted that his real name was Connor Brian Fitzpatrick and that he was Pompompurin, the owner of the BreachForums cybercrime forum.

Fitzpatrick was released on Thursday on a $300,000 bond and will appear in the District Court of the Eastern District of Virginia on March 24, as first reported by Bloomberg. Until his appearance in court, the defendant has surrendered his documents and will only be allowed to travel within the Southern and Eastern Districts of New York and the Eastern District of Virginia for court purposes. He is also restricted from contacting witnesses, codefendants, or coconspirators.

Pompompurin has been a well-known player in a cybercriminal underground devoted to breaching companies and selling or leaking stolen data through forums and social media. He was also a high-profile member of the RaidForums cybercrime forum. After the FBI seized RaidForums in 2022, Pompompurin created a new forum named ‘BreachForums’ to fill the void. It has since become the largest data leak forum of its kind, commonly used by hackers and ransomware gangs to leak stolen data. While BreachForums became a force in cybercrime on its own, Pompompurin has also been involved in various high-profile company breaches.

Analyst Notes

A separate BreachForums administrator under the alias Baphomet posted a message immediately following Pompompurin’s arrest. Baphomet claimed they retained control of the forum’s infrastructure and stated they would keep everyone updated on the situation. After the site went down, Baphomet began using the forum’s Telegram channel to provide updates to the forum’s community. On the morning of March 20th, Baphomet stated that the migration process had slowed but claimed the forum would return. In the meantime, Binary Defense analysts will look for spikes in activity on other notable criminal forums. BreachForums was a predominantly English-speaking forum. Oftentimes, when a forum like BreachForums is taken down, popular Russian criminal forums will close registration to prevent an influx of English-speaking threat actors.