Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


Breached Shutdown Triggers Shift to ARES Data Leak Forums

A threat group known as ARES is becoming well-known on the cybercrime scene due to selling and leaking databases stolen from businesses and government agencies. The actor first appeared on Telegram in late 2021 and has since been linked to the RansomHouse ransomware operation, the KelvinSecurity data leak platform, and the network access group Adrastea. In order to fill the hole left by the now-defunct Breached forum, ARES Group administers its own website with database leaks and a forum. According to Cyfirma, ARES exhibits cartel-like behavior and actively seeks to connect with other cybercriminals. ARES Leaks is a platform that offers access to data leaks from 65 countries, including the United States, Australia, Spain, France, and Italy. The platform provides a wide range of sensitive information, including forex data, government leaks, passports, email addresses, phone numbers, customer details, B2B, and SSNs. The group also offers different types of services, such as pen-testing, vulnerability exploitation, malware development, and Distributed Denial of Service (DDoS) attacks. Cyfirma confirmed the increased activity on ARES Leaks after the Breached forum was shut down. ARES has recently expanded its interest in acquiring military access and databases and actively promotes its request through advertisements on the dark web. 

Analyst Notes

In early 2023, LeakBase emerged as a new project backed by the ARES threat group. The aggressive marketing campaign, combined with the closure of the Breached hacker forum, led to a surge in user registrations. Accessible on the clear web and open to all, LeakBase offers complimentary databases and a marketplace for trading leaked information, leads, exploits, and services. Additionally, the platform includes dedicated sections for programming, hacking tips, tutorials, social engineering, penetration testing, cryptography, anonymity, and operational security guides and discussions. To foster trust, it also features an escrow payment system. LeakBase is still in its infancy compared to Breached, but its growing reputation suggests it may soon evolve into a major nexus for cybercriminals seeking information and services. The ARES threat group is a well-structured organization, continually broadening its operations and offerings to encompass the primary interests of cybercrime. Cyfirma claims that ARES views the closure of Breached as a chance to expedite its expansion and solidify its standing within the cybercrime landscape.