In a significant cyber incident, the underground criminal forum known as Maza has reportedly been breached by unidentified attackers. It is the fourth breach of a cybercrime forum this year, highlighting a concerning trend in the cybersecurity landscape.
The attack is believed to have taken place on March 3, resulting in the exposure of sensitive information relating to forum members. The compromised data includes usernames, email addresses, and hashed passwords, and was disclosed via a breach announcement declaring “Your data has been leaked” and “This forum has been hacked.”
An accompanying PDF was circulated, allegedly containing a portion of the compromised user data, consisting of over 3,000 entries with usernames, partially obscured password hashes, email addresses, and additional contact details. This information was verified by cybersecurity firm Intel 471, underscoring the breach’s severity.
Originally known as Mazafaka, Maza is an elite, invite-only forum that has been operational since at least 2003, providing a platform for cybercriminals to engage in the trade of ransomware-as-a-service tools and various illicit activities. This breach follows the recent attacks on other forums, including Verified, Crdclub, and Exploit, indicating an escalating pattern of cyber infiltration.
For context, the Verified forum was compromised on January 20, 2021, with attackers claiming access to its entire database while also transferring $150,000 in cryptocurrency from its wallet. Meanwhile, Crdclub reported an attack in February in which an administrator account was compromised and users were misled into using a fraudulent money transfer service. These attacks illustrate a range of tactics including initial access and social engineering.
In a related incident, the Exploit forum was recently attacked, suffering a breach that compromised its proxy servers designed to protect against DDoS attacks. The identity of the attackers remains unclear, with community speculation suggesting potential involvement of a government intelligence agency, which raises concerns regarding the exposure of users’ real identities following these incidents.
Flashpoint researchers have pointed out that the Russian language used in Maza’s breach notification may indicate non-native speakers were involved, possibly signaling a coordinated effort to obfuscate the attackers’ identities. Despite no one claiming responsibility for these attacks, the resulting disclosures can provide valuable intelligence for cybersecurity teams monitoring these criminal networks.
Business owners should remain vigilant, as these breaches underscore the necessity for robust cybersecurity measures. The tactics used in these recent attacks may include initial access through phishing or exploitation of vulnerabilities, persistence via compromised accounts, and potential privilege escalation to further infiltrate targeted systems. Such insights can help organizations better defend against future cyber threats.