
Cybercrime Forum Publishes Alleged Database, Source Code From Russian Firm That Helped Parler


A seller on a well-known cybercrime forum claims to be offering source code and a database that they say belong to DDoS-Guard, the Russia-based hosting firm that helped social media company Parler relaunch after Amazon Web Services banned it.

According to Group-IB research on online piracy, DDoS-Guard also offers computing capacity to, and hides the identity of the owners of, hundreds of shady resources involved in the sale of unlawful goods, gambling, and copyright infringement.

On May 26, Group-IB, a global threat hunting and adversary-centric cyber intelligence firm specializing in investigating and combating high-tech cybercrime, uncovered a database supposedly connected to bulletproof hosting provider DDoS-Guard that had been put up for sale on a cybercrime forum.

Customers' names, IP addresses, and payment details are allegedly stored in the database. In addition to the database, the threat actor claims to possess the source code of the DDoS-Guard infrastructure. The entire collection is currently up for auction, with a starting bid of $350,000. Since the threat actor did not offer a sample, the legitimacy of the allegedly stolen material cannot be verified.


“Initially, the threat actor was auctioning off the lot with a starting price of $500,000. Shortly after, the amount was reduced to $350,000,” stated Oleg Dyorov, Threat Intelligence analyst at Group-IB. “The threat actor didn’t provide a sample of the database, which makes it impossible to verify the authenticity of the reported stolen database and the source code. The seller registered this account on exploit in January 2021 and has been looking to buy access to different corporate networks ever since. It is only the second time that they are trying to sell data on the forum. Despite the regular activity, the threat actor has no reputation on the forum and has made no deposits yet.”

According to the Group-IB Threat Intelligence & Attribution system, this user previously had an account on exploit[.]in that was barred by the forum administrators for refusing to use the escrow service. DDoS-Guard provides DDoS mitigation, CDN, and hosting services, and its data is allegedly being traded on a hacker forum.

“As an international certified emergency response team, we get to interact with dozens of hosting providers around the world every day to ensure violations are removed promptly,” says Reza Rafati, a senior analyst at CERT-GIB in Amsterdam. 

“Whenever we establish a connection with this company, it immediately reflects a red flag. We’ve seen a number of rogue websites hosted by DDoS-Guard. They were almost impossible to take down. Their answer to our numerous complaints on them protecting illegal resources is that they are not the owners of these websites. Such a safe environment for illicit online activity doesn’t do any good for the global effort against cybercrime.”

Russian IT company reportedly lost contract in USA because of serving sites with content from Trump supporters

The CEO of the Russian provider DDoS-Guard, Evgeny Marchenko, explained why the American company CoreSite refused to work with his company.

DDoS-Guard, a company registered in Rostov-on-Don, has lost access to partner data centers in the United States. The reason given was that the company provided services to protect the websites of supporters of Donald Trump. This is reported by the Telegram channel Mash.

According to the company's founder, Yevgeny Marchenko, the formal reason was the provision of hosting to a site associated with the Hamas movement.

"The story began in November last year. One of our partners found out that we are working with a website related to the Hamas movement, which is banned in the United States. We immediately stopped cooperation, but the story was continued at the beginning of the year," said Marchenko.

On January 7, CoreSite announced that its cooperation with DDoS-Guard was terminated, citing the same reason: cooperation with Hamas.

"We conducted an internal investigation and found out that one of our partners distributed information to supporters of the current President Trump. Moreover, the content was distributed by a Canadian company. It all looks like an attempt to find at least some Russian company and by any means make a scandal that suggests that Russians support Trump," added Marchenko.

The owner of DDoS-Guard also noted that Hamas is now quietly working with the American company.

DDoS-Guard has repeatedly been accused of supporting not entirely legitimate sites, but no measures have been taken against the company.

DDoS-Guard was founded in 2011 by Evgeny Marchenko and Dmitry Sabitov. The company provides traffic filtering services that protect retail and corporate customers against DDoS attacks, using its own network of filtering nodes located in several countries. DDoS-Guard also acts as a provider of secure hosting services. The company's head office is located in Rostov-on-Don.

Recall that almost all IT companies have turned against US President Donald Trump. The trigger was the attack by his supporters on the Capitol on January 6, which many felt was prompted by Trump's words. After that, his accounts were blocked on almost all major social networks.