The only aim of the politically motivated website DUMPS is threatening behavior against Russia and Belarus. Researchers have discovered that a new hacker forum is adopting an unusual political position to support Ukraine in its conflict with Russia by exclusively hosting discussions and threat-related activity directed against Russia and Belarus.

According to researchers from the Photon Research Team of Digital Shadows, a ReliaQuest Company, the Russian-language website DUMPS Forum has been around since late May and first appeared to be “every other run-of-the-mill Russian language cybercriminal forum.”

The forum, which has roughly 100 users right now, features areas for trading illegal goods, carding, spreading malware, and creating access points to specific networks. Anyone is welcome to join.

A closer examination of the site revealed its distinctive philosophy, making it “the only forum we’re aware of that is adopting such a stance” to assist Ukraine as it fights against Russia’s invasion, researchers said.

The part that had the most activity at the time researchers examined the forum was the one devoted to leaks, despite the fact that most of the specific activity sections were still vacant. Users have already exchanged data that was taken from private and public institutions with a presence in Russia, including a number of well-known and significant governmental organizations as well as utility companies, they claimed.

Researchers found that a lot of the discussion on the site right now is actually focused on discussing data leaks. Other prominent subjects promote DDoS attack services, falsified and stolen identification documents, anonymous and secure hosting services, and other online crimes targeted at Russia and Belarus.

Unabashed Support for Ukraine

DUMPS Forum is in a unique position as a result of its pro-Ukrainian stance, but it also draws criticism, according to researchers. “The forum will undoubtedly become a target of counter activity by Russia-supporting cyber criminals if the project becomes well-known and successful,” they added.

However, it is only right that someone stands up for the Ukrainians in cyberspace given the way in which Ukraine has been attacked in a cyberwar that has been raging concurrently with Russia’s invasion of its territory. Before the military invasion, Russian-based hackers attacked Ukrainian cyber targets; the attack has persisted during the ongoing, six-month-old ground conflict.

DUMPS adopts a “brazen” stance in favor of Ukraine, even going so far as to publish its exact location, which, according to experts, refers to a residential flat in Kyiv in a building with a roof that features an offensive Russian epithet directed at Vladimir Putin.

 Although they had no idea if it was the administrator’s actual residence, they noted that the location “emphasizes the spirit of defiance and resistance in which the forum is constructed.”

Top Services Offered

DDoS attacks appear to be among the services being marketed on the website that will likely garner the most popularity, experts found. The reason for this, according to them, is that “DDoS attacks and defacement activity have returned in a large way since the beginning of the war.” These assaults have primarily been carried out by a broad group of hacktivist actors working for both sides.

Users can order DDoS attacks on any network resource “quickly, qualitatively, effectively” with a power range of up to 500 Gbps, priced at $80 per hour, using the specific DDoS services advertised on the website. According to analysts, Layer 4 attacks cost $500 for 24 hours while Layer 7 attacks cost $600 for the same period.

They said, “A forum post previously revealed successful defacement activity targeted against the Russian state website of the Russian Federation’s Ministry of Construction, Housing, and Communal Services.”

The forum also strongly emphasizes selling information services, often known as probiv, a quid-pro-quo service in which a user offers a piece of personal data about a person in exchange for more information about this target in exchange for information return for a charge.

According to experts, the probiv services on the forum are largely targeted at financial institutions, mobile network operators, and government authorities in Russia and Belarus. Data from local wanted lists and criminal records, information about suspects or persons of interest, migrant information, information pertaining to purchasing tickets for transportation outside of Russia, and lists of citizens convicted of possessing illegal weapons are just a few examples of information that may be of interest.

A Look Ahead

According to researchers, the website has the potential to significantly impact the ongoing conflict between Russia and Ukraine in the future by acting as a “hub for hacktivists and patriotic cyber threat actors, as a symbol of resistance, and making a demonstrable difference in the cyber battlefield.”

Its decision to function with content that is nearly entirely written in Russian is curious and may provide an issue because it will prevent companies that do not speak Russian from supporting Ukraine from participating in the forum, according to academics.

On the other hand, it implies that the forum’s objective is to target individuals within the Russian federation who can launch attacks from within the nation and who are probably not Ukrainian speakers; they claimed that this is contrary to the fact that the majority of Ukrainians speak Russian fluently and would be able to participate.

According to analysts, the forum’s open nature, which currently allows anybody to join, may also pose a risk to operational security. Some users have requested an invite-only system to shield individuals from potential reprisal from pro-Russian forces.