While the Russian invasion of Ukraine has typically been met with horror and condemnation across the globe, the conflict has also proven highly divisive within the world’s cybercriminal community. Opinions on Russian President Vladimir Putin’s so-called ‘special military operation’ depend on several factors, notably the cybercriminal’s background, political beliefs, or other nationalistic drivers. As we’ve reported in previous blogs, some internet users have taken it upon themselves to play an active role in the conflict, targeting Russian organizations with data breaches, distributed denial of service (DDoS) attacks, and defacement activity. A new pro-Ukrainian, anti-Russian, and anti-Belarus forum has since been identified, allowing users to get involved in the fight. Check out the details for “DUMPS Forum” in our blog below.
DUMPS Forum appears to have been established in late May 2022; its membership is unknown but was likely no more than 100 at the time of writing. At first glance, DUMPS Forum looks like every other run-of-the-mill Russian-language cybercriminal forum: there are sections for trading illicit material, carding, malware, and establishing access to targeted networks. At present the forum is open to members without any vetting or registration process; however, there is an ongoing request for an invite system, which may become the main method of gaining access if the forum builds its notoriety. What separates DUMPS Forum is its stated goal of supporting the Ukrainian war effort against Russia. The forum’s opening statement makes this intent clear:
“Information services / leaks or other services on our forum are allowed in relation to only two states, these are the Russian Federation and Belarus. Topics that mention other countries are not allowed. This is the main rule of our forum”
The forum’s intent is also expressed through a redirect to a Russia-Ukraine war information and pro-Ukraine charities page, which appears when clicking the support button in DUMPS Forum’s header.
This is the only forum we’re aware of that is taking such a stance, which puts DUMPS Forum in a unique position while also painting a target on its own back: if the forum develops into a well-known and successful project, it will likely become a target of counter-activity from Russia-supporting cybercriminals. The brazen nature of the forum is perhaps best emphasized by the forum administrator actually posting their location, which points to a residential apartment in Kyiv. The roof of the building carries an insult directed at Vladimir Putin; if you want to run it through Google Translate, go right ahead: “путин хуйло”. We have no idea whether this location is actually the admin’s home, but it emphasizes the spirit of defiance and resistance on which the forum is built.
All topics within the forum must be aimed at activity directed against Russia and/or Belarus. Much of the activity centers on sharing data leaks, advertising DDoS attack services, forged and stolen identity documents, and anonymous and bulletproof hosting services. The forum contains sections for the trade of initial access, carding, instant messaging and social networks, and spam, but these remained empty at the time of writing. By far the largest section of the forum is the Leaks section, in which users share data stolen from Russia-based government and private institutions. This includes several well-known and important Russian government institutions and utilities providers.
The DDoS-as-a-service advertised on the site allows users to order DDoS attacks on any network resource “quickly, qualitatively, effectively”. The power of these DDoS attacks ranged up to 500 Gbps, with a one-hour attack priced at $80 per hour or $500 for 24 hours at layer 4. Layer 7 DDoS attacks were priced at $600 for 24 hours. DDoS attacks and defacement activity have returned in a major way since the onset of the war, largely carried out by an army of hacktivist actors operating on behalf of both sides of the conflict. DUMPS Forum, and indeed similar forums in the future, have a big role to play in this hacktivist resurgence, with hacktivism having had significant success in causing disruption and sabotage at Russian entities.
Another large focus of the forum is advertising information services, also known as probiv, for Russian and Belarusian government agencies, financial institutions, and mobile network carriers. We have mentioned probiv in previous blogs; it is a Russian-language slang term best translated as “look-up”. It describes a service offered mainly on Russian-language cybercriminal platforms in which a user provides a piece of personal data belonging to an individual and, in return for a fee, receives other information associated with this target. Think quid pro quo, scratch my back and I’ll scratch yours (for a fee), that sort of thing.
Some of the items identified in the probiv section of the forum include Russian passport details, data from local wanted lists and criminal records, data regarding suspects or persons of interest, migrant information, and information related to buying tickets for transportation out of Russia. Lists of citizens convicted of possessing illegal weapons were also mentioned. This list suggests that, in addition to Ukrainian patriotic hackers, the administrators and users of DUMPS Forum are highly interested in Russian partisans, or individuals within Russia who are sympathetic to their cause. Russia naturally wants to keep its citizens from accessing such content; you have likely read how Russia has intensified its efforts at internet censorship and stifled any potential criticism of the conflict. According to DUMPS Forum, the forum has been banned for anyone within Russia; in the post below, the forum administrator uses the word “Rashka”, a derogatory term for Russia. The term is derived from the English pronunciation of Russia, complete with a diminutive suffix to convey extra venom. Merely using this word would be sufficient to earn a ban on a typical Russian cybercriminal forum.
One challenge facing the forum is that its content is almost exclusively written in Russian, which is odd given the forum’s nature as a pro-Ukraine forum aimed at targeting Russian entities. This likely reflects the forum’s goal of reaching members within the Russian Federation, who likely do not speak Ukrainian, while recognizing that almost every Ukrainian speaks Russian either fluently or to a good level. While some posts are translated into English, the contents of the site will likely not be accessible to non-Russian speakers.
The recency of the forum’s creation may also limit the amount of activity on the site, with time required for its membership to grow. Raising the membership will of course raise the forum’s profile, which in turn could represent a risk; we have previously seen rival cybercriminal forums attempting to take each other down through targeted data breaches or DDoS activity. While some content is reportedly hidden from public view, all content can be viewed with an account, though a user must “like” a post to reveal its download link. The forum is also currently open for any individual to join, which could represent an operational security risk. Some users have expressed concerns over this system and requested an invite-only system.
DUMPS Forum likely has an important role to play in the ongoing Russia-Ukraine war: as a hub for hacktivists and patriotic cyber threat actors, as a symbol of resistance, and as a way of making a demonstrable difference on the cyber battlefield. Any success achieved by DUMPS Forum will, however, attract unwanted attention; the ban on Russian citizens visiting the forum highlights that the forum is already on the radar of the Russian state. It is also realistically possible that the success of DUMPS Forum may inspire other services looking to play a part in the ongoing conflict.
Here at Digital Shadows (now ReliaQuest), we think it’s important to monitor the latest developments in the cybercriminal landscape to keep abreast of the threats to our customers emanating from around the globe. To ensure we are providing the best possible intelligence for our customers, we need to keep our finger on the pulse of developments, and if we can predict new forum movers and shakers, all the better. We feed these observations into Digital Shadows’ SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) service, which features a constantly updated threat intelligence library providing insight on this and other cybercriminal trends that might impact your organization, allowing security teams to stay ahead of the game. If you’d like to access the library for yourself, you can sign up for a free seven-day test drive of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) here.