In Recent Cybercrime Developments, BreachForums Marketplace Claims Resurgence Branded as Deceptive

A well-known online cybercrime marketplace, Cracked, has announced that it has resumed operations. This development follows the recent disruption of the BreachForums marketplace, leading experts to express doubts regarding the authenticity of these claims.
Cracked went offline approximately three months prior, as part of “Operation Talent,” an initiative that disrupted the operational framework of both Cracked and another cybercrime marketplace, Nulled, which together boasted over 10 million users. As a result of this operation, law enforcement seized 12 domains associated with these platforms, as well as the financial processor Sellix and a bulletproof hosting service utilized by the marketplaces.
Originally launched in March 2018 and patterned after Raid Forums – which later inspired BreachForums – Cracked was involved in the sale of hacking tools, malware hosting, and advertising stolen credentials. At its peak, it had over 4 million users and generated at least $4 million in illicit revenue, according to financial records made public during a U.S. federal court case.
In the aftermath of the seizure, Cracked’s operators expressed disappointment over their community’s loss. However, the administrators seem to have revived their illicit activities with new domain names and infrastructure, launching the new site as Cracked.sh on April 14. Researchers from threat intelligence firms have confirmed that user credentials from the previous iteration of Cracked successfully logged into the new platform, which may indicate it is a legitimate revival.
The ongoing narrative suggests limited success for law enforcement’s international efforts against these cybercrime marketplaces. In contrast, the Nulled marketplace remains offline, largely due to arrests made by Spanish authorities of key individuals linked to its operations.
Additionally, BreachForums has been offline since a recent attack, which was claimed by a group named “Dark Storm Team” via Telegram posts. The speculation surrounding its downtime has led to considerable discussions among cybersecurity experts, as some question whether the takedown was a law enforcement operation or a DDoS attack.
In light of these developments, business owners should be acutely aware of the shifting landscape of cybercrime operations. The resurgence of platforms such as Cracked raises significant concerns about potential attack vectors businesses may face, including techniques such as phishing for initial access and credential dumping, as outlined in the MITRE ATT&CK framework. The ability of these forums to continue operating after significant law enforcement actions highlights the resilience of these cybercriminal enterprises and underscores the need for robust security measures within organizations to defend against evolving cyber threats.