A unique politically motivated site called DUMPS focuses solely on threat activity directed against Russia & Belarus
This new hacker forum is taking a unique political stand to support Ukraine in its war with Russia, allowing only topics & threat activity focused against Russia & Belarus, researchers have discovered.
DUMPS Forum
The Russian-language site, DUMPS Forum, has been active since late May, & seemed like “every other ‘run-of-the-mill’ Russian language cyber-criminal forum,” researchers from the Photon Research Team of Digital Shadows, a ReliaQuest Company, stated in a blog post published Wed.
The forum—which currently has about 100 members–has sections for trading illicit material, carding, malware, & establishing accesses to targeted networks, with an open invitation for anyone to join.
Unique Ideology
A closer look at the forum revealed its unique ideology to take a strong political stand to support Ukraine as it defends itself against Russia’s invasion, “the only forum we’re aware of that is taking such a stance,” researchers wrote.
Whilst most of the specific activity sections remained empty at the time researchers reviewed the forum, the section most populated so far was the one focused on leaks, researchers noted.
Shared Data
Users already have shared data stolen from Russia-based govt. & private institutions, including several well-known & important govt. entities as well as utilities providers, they explained.
Much of the activity currently discussed on the site is orientated toward sharing data leaks, researchers observed. Other top topics advertise DDoS attack services, forged & stolen identity documents, & anonymous & bulletproof hosting services, with all cyber-criminal activity aimed against targets in Russia & Belarus.
Support for Ukraine
Its pro-Ukrainian attitude makes DUMPS Forum unique, but also points a ‘target on its back,’ researchers outlined. “If the forum develops into a well-known & successful project, it will likely become a target of counter activity from Russia-supporting cyber-criminals,” they suggested.
As Ukraine has been hit by attackers in a cyber war that is took place alongside the land invasion by Russia, however, it seems only right that someone takes up the side of the Ukrainians in cyber-space.
Russian-based hackers hit Ukrainian cyber-targets even before the physical invasion, an assault that has continued during the ground conflict, which is in its 6th month.
Physical Location
DUMPS takes a “brazen” position to support Ukraine, even going as far as to posting its physical location, which points to a residential apartment in Kyiv, in a building with a roof that contains a vulgar insult in Russian towards Vladimir Putin, researchers revealed.
“We’ve no idea if this location is actually the admin’s home; however it emphasises the spirit of defiance & resistance in which the forum is built,” they observed.
Services Offered
Of the services being offered on the site, DDoS attacks seem likely to be among those that will gain the most use, researchers noted. This is because “DDoS attacks & defacement activity have returned in a major way since the onset of the war,” they commented. These attacks largely have come from an ‘army’ of ‘hacktivist’ players operating on behalf of both sides.
The specific DDoS services advertised on the site allow users to order DDoS attacks on any network resource “quickly, qualitatively, effectively,” with a power range of up to 500 gbps, priced at $80 an hour. Layer 4 attacks are priced at $500 for 24 hours, while Layer 7 attacks priced at $600 for the same amount of time, researchers outlined.
Defacement Activity
A forum post already confirmed successful defacement activity directed against the Russian state website of the Ministry of Construction, Housing & Communal Services of the Russian Federation, they added.
The forum also has a distinct theme on advertising information services—also known as ‘probiv’—which is a type of ‘quid-pro-quo’ service in which a user provides a piece of personal data belonging to an individual &, in return for a fee, receives other information associated with this target.
Russian & Belarussian Govt. Agencies
The ‘probiv’ services on the forum are mainly directed against Russian & Belarussian Govt. agencies, financial institutions & mobile network carriers, researchers observed.
Information of interest includes Russian passport details, data from local wanted lists & criminal records, data regarding suspects or persons of interests, migrant information, information related to buying tickets for transportation out of Russia or lists of citizens convicted of possessing illegal weapons.
Looking Ahead
The site could potentially play a ‘key role’ in the ongoing conflict between Ukraine & Russia “as a hub for hacktivists & patriotic cyber-threat actors, as a symbol of resistance, & making a demonstrable difference on the cyber battlefield,” researchers noted.
However, the choice to operate with content almost exclusively written in Russia is a strange one, & could pose a potential challenge, as non-Russian speaking entities who want to join in the cause for Ukraine will be excluded from the forum, researchers stated.
Attacks from Within Russia
Also, it suggests that the forum’s aim is to target members within the Russian Federation itself who can conduct attacks from within Russia, & who likely would not speak Ukrainian; while most Ukrainians speak Russian fluently & would also be able to participate, they explained.
The forum’s current ‘open format’ that allows anyone to join could also represent an ‘operational security risk,’ with some users requesting an invite-only system to protect users from ‘potential retaliation’ from pro-Russia bodies, researchers concluded.
