A new hacker forum is taking a unique political stance to support Ukraine in its war with Russia, entertaining only topics and threat activity focused against Russia and Belarus, researchers have found.
The Russian-language site, DUMPS Forum, has been around since late May, and at first glance seemed like “every other run-of-the-mill Russian language cybercriminal forum,” researchers from the Photon Research Team of Digital Shadows, a ReliaQuest Company, said in a blog post published Wednesday.
The forum—which currently has about 100 members–has sections for trading illicit material, carding, malware, and establishing accesses to targeted networks, with an open invite for anyone to join.
A closer look at the forum revealed its unique ideology to take a firm political stance to support Ukraine as it defends itself against Russia’s invasion, “the only forum we’re aware of that is taking such a stance,” researchers wrote.
While most of the specific activity sections remained empty at the time researchers viewed the forum, the section most populated so far was the one focused on leaks, researchers noted. Users already have shared data stolen from Russia-based government and private institutions, including several well known and important government entities as well as utilities providers, they said.
Indeed, much of the activity currently discussed on the site is geared toward sharing data leaks, researchers observed. Other top topics advertise DDoS attack services, forged and stolen identity documents, and anonymous and bulletproof hosting services, with all cybercriminal activity aimed against targets in Russia and Belarus.
Unabashed Support for Ukraine
Its pro-Ukrainian stance puts DUMPS Forum in a unique position, but also points a target on its back, researchers said. “If the forum develops into a well-known and successful project, it will likely become a target of counter activity from Russia-supporting cyber criminals,” they said.
As Ukraine has been pummeled by attackers in a cyber war that’s raged alongside the land invasion by Russia, however, it seems only fair that someone takes up the side of the Ukrainians in cyber space. Russian-based hackers hit Ukrainian cyber targets even before the physical invasion, an assault that has continued during the ground conflict, which is in its sixth month.
DUMPS takes a “brazen” position to support Ukraine, even going so far as to posting its physical location, which points to a residential apartment in Kyiv in a building with a roof that contains a vulgar insult in Russian towards Vladimir Putin, researchers said.
“We’ve no idea if this location is actually the admin’s home; however it emphasizes the spirit of defiance and resistance in which the forum is built,” they observed.
Top Services Offered
Of the specific services being hawked on the site, DDoS attacks seem likely to be among those that will gain the most traction, researchers noted. This is because “DDoS attacks and defacement activity have returned in a major way since the onset of the war,” they said. These attacks largely have come from an army of hacktivist actors operating on behalf of both sides.
The specific DDoS services advertised on the site allow users to order DDoS attacks on any network resource “quickly, qualitatively, effectively,” with a power range of up to 500 gbps, priced at $80 an hour. Layer 4 attacks are priced at $500 for 24 hours, while Layer 7 attacks priced at $600 for the same amount of time, researchers said.
A forum post already confirmed successful defacement activity directed against the Russian state website of the Ministry of Construction, Housing and Communal Services of the Russian Federation, they added.
The forum also has a distinct focus on advertising information services—also known as probiv—which is a type of quid-pro-quo service in which a user provides a piece of personal data belonging to an individual and, in return for a fee, receives other information associated with this target.
The probiv services on the forum are primarily directed against Russian and Belarussian government agencies, financial institutions and mobile network carriers, researchers said. Information of interest includes: Russian passport details, data from local wanted lists and criminal records, data regarding suspects or persons of interests, migrant information, information related to buying tickets for transportation out of Russia, or lists of citizens convicted of possessing illegal weapons.
A Look Ahead
Going forward, the site could potentially play a major role in the ongoing conflict between Ukraine and Russia “as a hub for hacktivists and patriotic cyber threat actors, as a symbol of resistance, and making a demonstrable difference on the cyber battlefield,” researchers noted.
However, its choice to operate with content almost exclusively written in Russia is a curious one and could pose a potential challenge, as non-Russian speaking entities who want to join in the cause for Ukraine will be excluded from the forum, researchers noted.
On the other hand, it suggests that the forum’s goal is to target members within the Russian federation who can mount attacks from within the country and who likely wouldn’t speak Ukrainian; while most Ukrainians speak Russian fluently and would also be able to participate, they said.
The forum’s current open nature that allows anyone to join could also represent an operational security risk, with some users requesting an invite-only system to protect users from potential retaliation from pro-Russia entities, researchers said.