The true identity of the hacker known as Tessa88, linked to numerous high-profile cyber incidents such as the breaches of LinkedIn, Dropbox, and MySpace, has been uncovered as Maksim Vladimirovich Donakov, a resident of Penza, Russian Federation. Tessa88 rose to notoriety in early 2016 by offering, on various underground forums, stolen data from some of the world’s largest social media platforms, including LinkedIn, MySpace, and Twitter, among others.

The compromised data, reportedly gathered over several years, encompassed more than 500 million username and password pairs used in phishing schemes, account takeovers, and various other cyber attacks. Tessa88’s online profile operated for a few months in early 2016, but operational security analyses indicate that Donakov has engaged in cybercriminal activities since at least 2012 under multiple aliases, such as “Paranoy777” and “tarakan72511.”

Researchers from Recorded Future’s Insikt Group used a combination of dark web activity and public records to link Donakov to multiple accounts associated with Tessa88. Their investigation revealed that posts made under the nickname “tarakan72511” included screenshots discussing data breaches and featured a photo of the individual that links back to Tessa88.

Additionally, the identification process involved analyzing a YouTube account matching the username Tarakan72511 Donakov. A video linked to this account showcased a person wearing a Guy Fawkes mask, reminiscent of other images of Tessa88, further corroborating their connection.

The evidence compiled suggests that Donakov’s activities extended beyond the sale of databases. He has been involved in various criminal undertakings in Russia, including a car accident while driving a Mitsubishi Lancer in 2017 and serving jail time for a separate crime in 2014. Recorded Future concluded with a “high degree of confidence” that Donakov is responsible for the sale of extensive databases, including the compromised credentials of millions of Twitter and Yahoo accounts.

During the same period as these high-profile breaches, another hacker using the alias Peace_of_Mind was also active, allegedly selling millions of stolen emails and passwords from major platforms. Reports indicate that Tessa88 and Peace_of_Mind may have collaborated to monetize the stolen data, likely as part of an effort to expedite returns on their illicit activities.

Despite their involvement in selling stolen databases, it is essential to note that neither Tessa88 nor Peace_of_Mind was directly responsible for the initial breaches of the affected companies, and the specific methodologies behind these hacks remain unclear. The eventual criminal case involving another hacker, Yevgeniy Nikulin, is anticipated to provide further insights into this complex network of cybercrime.

In examining the tactics that may have been employed in these cyber attacks, one can reference the MITRE ATT&CK framework, which outlines tactics such as initial access through phishing, persistence via compromised credentials, and privilege escalation leading to broader system access. Understanding these techniques is vital for business owners in crafting robust defense strategies against the ever-evolving landscape of cyber threats.

The revelations surrounding Maksim Vladimirovich Donakov serve as a stark reminder of the complexities involved in today’s cybersecurity landscape, underscoring the necessity for heightened vigilance and proactive measures to safeguard sensitive information.