The database and source code allegedly belonging to a bulletproof hosting service were put up for sale on a hacker forum.
DDoS-Guard, whose data is allegedly being traded on the hacker forum, is a bulletproof hosting provider offering DDoS protection, CDN, and hosting services. DDoS-Guard is a Russian company that helped Parler, a social media app, get back online after it was blocked by Amazon Web Services in January.
Group-IB, a global threat hunting and cyber intelligence company, discovered the database on a cybercrime forum on May 26. Its Threat Intelligence & Attribution system noticed the listing, posted on May 26 on the popular hacker forum exploit[.]in.
“Initially, the threat actor was auctioning off the lot with a starting price of $500,000. Shortly after, the amount was reduced to $350,000,” says Oleg Dyorov, Threat Intelligence analyst at Group-IB.
The threat actor did not provide a sample of the database or the source code, which makes it impossible to verify the data’s authenticity. Nevertheless, the database reportedly includes information about DDoS-Guard customers such as names, IP addresses, and payment details.
“The seller registered this account on exploit[.]in in January 2021 and has been looking to buy access to different corporate networks ever since. It is only the second time that they are trying to sell data on the forum. Despite the regular activity, the threat actor has no reputation on the forum and has made no deposits yet.”
However, the forum administrator has since banned the user for refusing to use the escrow service.
Group-IB says DDoS-Guard also shields thousands of individuals and groups involved in illegal activities from identification, and that the Russian company turns a blind eye to rogue websites, which are therefore almost impossible to take offline:
“Whenever Group-IB established a connection with this company, it immediately reflects a red flag,” says Reza Rafati, a senior analyst at CERT-GIB in Amsterdam. “We’ve seen a number of rogue websites hosted by DDoS-Guard. They were almost impossible to take down. Their answer to our numerous complaints about them protecting illegal resources is that they are not the owners of these websites. Such a safe environment for illicit online activity doesn’t do any good for the global effort against cybercrime.”