Group-IB, a global threat hunting and adversary-centric cyber intelligence company specializing in investigating and preventing hi-tech cybercrimes, has discovered a database allegedly belonging to a bulletproof hosting provider DDoS-Guard posted for sale on a cybercrime forum on May 26. The database supposedly contains information about DDoS-Guard’s customers, including their names, IP-addresses, and payment information. In addition to the database, the threat actor claims to have the source code of the DDoS-Guard’s infrastructure. The seller is currently auctioning the entire set at a starting price of $350,000. It is not possible to verify the authenticity of the alleged stolen data, as the threat actor didn’t provide the sample.
DDoS-Guard is a Russian online infrastructure services provider that in January 2021 helped Parler, a social media app, to return online after it had been refused web hosting services on the AWS platform. According to Group-IB report on online piracy, DDoS-Guard also provides computing capacities and obstructs the identification of website owners of hundreds of shady resources that are engaged in illicit goods sale, gambling, and copyright infringements.
Group-IB Threat Intelligence & Attribution system detected the listing posted on May 26 on exploit[.]in, a popular hacker forum.

Oleg Dyorov
Threat Intelligence analyst at Group-IB
According to Group-IB Threat Intelligence & Attribution system, this user previously had an account on exploit[.]in but was banned by the forum administrators as he refused to use the escrow service.

Reza Rafati
Senior analyst at CERT-GIB in Amsterdam