Database, source code allegedly related to bulletproof hosting, once Parler’s service provider, up for sale on hacker forum

Group-IB, a global threat hunting and adversary-centric cyber intelligence company specializing in investigating and preventing hi-tech cybercrimes, has discovered a database allegedly belonging to a bulletproof hosting provider DDoS-Guard posted for sale on a cybercrime forum on May 26. The database supposedly contains information about DDoS-Guard’s customers, including their names, IP-addresses, and payment information. In addition to the database, the threat actor claims to have the source code of the DDoS-Guard’s infrastructure. The seller is currently auctioning the entire set at a starting price of $350,000. It is not possible to verify the authenticity of the alleged stolen data, as the threat actor didn’t provide the sample.

DDoS-Guard is a Russian online infrastructure services provider that in January 2021 helped Parler, a social media app, to return online after it had been refused web hosting services on the AWS platform. According to Group-IB report on online piracy, DDoS-Guard also provides computing capacities and obstructs the identification of website owners of hundreds of shady resources that are engaged in illicit goods sale, gambling, and copyright infringements.

Group-IB Threat Intelligence & Attribution system detected the listing posted on May 26 on exploit[.]in, a popular hacker forum.

Initially, the threat actor was auctioning off the lot with a starting price of $500,000. Shortly after the amount was reduced to $350,000. The threat actor didn’t provide a sample of the database, which makes it impossible to verify the authenticity of the reported stolen database and the source code. The seller registered this account on exploit[.]in in January 2021 and has been looking to buy access to different corporate networks ever since. It is only the second time that they are trying to sell data on the forum. Despite the regular activity, the threat actor has no reputation on the forum and has made no deposits yet.

Oleg Dyorov

Threat Intelligence analyst at Group-IB

According to Group-IB Threat Intelligence & Attribution system, this user previously had an account on exploit[.]in but was banned by the forum administrators as he refused to use the escrow service.

DDoS-Guard, whose data is allegedly being traded on the hacker forum, provides DDoS protection, CDN and hosting services. «As an international certified emergency response team, we get to interact with dozens of hosting providers around the world every day to ensure violations are removed promptly. Whenever we establish a connection with this company, it immediately reflects a red flag. We’ve seen a number of rogue websites hosted by DDoS-Guard. They were almost impossible to take down. Their answer to our numerous complaints on them protecting illegal resources is that they are not the owners of these websites. Such a safe environment for illicit online activity doesn’t do any good for the global effort against cybercrime.

Reza Rafati

Senior analyst at CERT-GIB in Amsterdam

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.