Those who advocate anonymity, freedom of expression, and privacy heavily use the dark web. Although most people are unaware of this part of the Internet, the dark web is an important part of the Internet. Since websites are kept unindexed here, it is more complex and difficult to search for source content and obtain data than the clear web. While many people use this hidden part of the Internet, many use it to carry out illegal activities. The biggest reason malicious users prefer to use the dark web is that special software is used to enter the web pages here, providing anonymity and privacy. Dark web forums generally contain illegal trade, malware, 0day, exploit, database leakage, credit card information, etc. There are many different data. Dark web forums are one of the important sources for threat intelligence research at this point. We recommend you take a look at our Top 10 Dark Web Search Engine blog post that we have previously published.
Monitoring dark web forums is an important source for analyzing current cyber threats. Today, although threat actors broadcast their illegal activities via applications such as telegram, dark web forums are still one of the current content sources. According to the analyses made by ThreatMon analysts, there are important findings detected and obtained from dark web forums as the first source. With the detection of exploits, zero days, malware, etc. content obtained from dark web forums, proactive intelligence is developed by analyzing current malware. Similarly, with the detection of databases, credit cards, sensitive information, etc. leaks obtained from forums, target sectors, and countries are identified and information is obtained to strengthen the defense of the relevant institutions and organizations and take measures to prevent a possible attack.
ThreatMon’s dark web monitoring service enables proactive detection and monitoring of corporate information or sensitive credentials shared on forums. Cyber Threat Intelligence Analysts perform open source intelligence (OSINT) analyses on the dark web to gather clues and better understand threats. It allows ThreatMon to mitigate risks, protect customer data, and reduce the impact of cyber threats such as identity theft, fraud, or data breaches.
You can protect your company with ThreatMon’s dark web monitoring to safeguard your reputation.
In 2022, following the closure of RaidForums, a very popular forum founded in 2015, Breached was established in a similar format to RaidForums. After the FBI arrested Pompompurin, the owner of Breached, in March 2023, Breached was also seized and the forum was closed and moved to a new forum called Breached, which was also closed in March 2023. To fill the void left by these closures, a new forum called ‘Exposed’ was opened. The forum with a similar theme and name was opened to users, and this brought to mind the question of whether it was a game of the FBI. Although the new forums were similar to the Breach forum, the fear that the new site was secretly monitored and possibly managed by the FBI caused many former Breached members to be suspicious. The newly launched Breach soon reached many users and shared many database leaks. It is still one of the most important forums and users can create an account with free membership. With the credit system in the forum, users can obtain credits. The most popular topic of the Breach forum is database leakage, but it also takes an active role in illegal sales. At the time of this report, the current Breach forum has 25,982 threads, 273,586 posts, and 78,687 members.
In 2022, following the closure of RaidForums, a very popular forum established in 2015, Exploitin, an important Russian forum, has been actively used for cyber attacks and crimes since about 2012. Within the forum, there are regular sales of categorized cybercrime tools, trading in database leaks, credit card information leaks, malware sales, and even ransomware sales for ransom services. Compared to other forums, their membership policy is stricter. New memberships require a fee and an invitation from an existing member. At the time of writing, the Exploitin forum has 213,672 topics, 1,337,208 posts, and 60,856 members.
XSS, a Russian forum, has been actively used for cyber attacks since about 2013. The forum contains a significant amount of exploits, zero-day exploits, and malware. The forum is also popular for access sales and contains illegal sales that can be used for first access in Ransomware activities. Again, like the Breach forum, XSS offers free user account creation. There is a credit system for transactions within the forum. When writing this report, the XSS forum has 81,002 threads, 625,178 messages, and 58,902 members.
Nulled is a dark web forum that has been operating since 2015. To date, this forum has 5,131,238 users and hosts 33 million posts. Nulled dark web forum attracts attention with fake identity documents, malware creation tools, and databases. In 2016, as a result of a data breach by cyber hackers, 9.45 GB of personal information of users was disclosed.
Founded in 2008, Altenen has 1.3 million users and 1,264,546 posts. The Altenen dark web forum, which is famous for credit card fraud, also produces fake IDs and passports. In 2018, the founder was caught and the first forum was closed. After the arrest of the founder, the dark web forum continues to be actively used, managed by another user with the address Altenen.nz.
Hydra Market was founded in 2015 and has 17 million users to date. The dark web platform, which is actively used in Russia and the Commonwealth of Independent States countries, hosts forged documents, data breaches, databases, illegal products, and more. To access the Hydra Market, it remained strong, secure, and confidential by continuing its activities with cryptocurrencies such as Bitcoin over the Tor network. In 2022, due to operations carried out by German and US law enforcement agencies, Hydra Market was closed, and its servers and $543 million in cryptocurrency were seized. Hydra Market became active again after a while.
Sinister is a dark web forum founded in 2016 and has 62 thousand users to date. Sinister attracts the attention of its users with topics such as various tools, social engineering techniques, and cracked programs.
Cracked was founded in 2016 and has 4.27 million users. The Cracked Dark Web forum hosts posts on exploit development, zero-day exploits, user logins, and cybersecurity. Cracked is not an illegal platform and is used by cybersecurity experts and penetration testers.
Cracking is one of the most important forums of its kind. This is a forum where cybercriminals can discuss various cracking tools, combo lists and dumps, tools, proxies, premium accounts, and more. When writing this report, the Cracking forum has 226,815 threads, 2,084,807 messages, and 484,239 members.
LeakBase, which has an important place for database leaks, emerged in 2023. The forum focuses on database leaks and includes a community that challenges the Breach forum. The forum is free to join and member status can be upgraded within the forum. Active database leaks are shared in the forum mainly by the staff team. When we look at the content, it is seen that there are user accounts, logs, various software, tools, and training pieces other than database leaks. When writing this report, the LeakBase forum has 14,275 threads, 93,258 messages, and 45,946 members.
