All three carding forums were popular among cybercriminals for buying and selling stolen credit and debit cards.
Russian law enforcement authorities are hunting down cybercriminal forums and the culprits behind them. After taking down the Infraud Organization Group and dismantling the REvil ransomware gang at the request of the United States, the Russian government has taken down three more cybercrime and carding platforms.
Trump Dumps, Ferum, and SkyFraud seized
According to Russian news outlets, authorities have arrested 6 individuals suspected to be members of a hacking group involved in stealing and selling credit cards. Furthermore, three popular carding forums (involved in selling stolen credit cards), Trump Dumps, Ferum, and SkyFraud, have also been seized by Russian police.
All three forums, Trump’s Dumps, Ferum, and SkyFraud, now display notices explaining that the websites were seized by Management “K” of the BSTM of the Ministry of Internal Affairs of Russia.
The arrests were made under Article 187 of “The Criminal Code Of The Russian Federation.” This article is related to the making of “counterfeit credit or debit cards, and also of other payment documents, which are not securities, with the purpose of their utterance or their sale.”
The Seizure Message
At the time of writing, all three seized domains displayed a warning message in the Russian language. The English translation of the seizure message is as follows:
The TRUMP-DUMPS service is permanently closed as part of a special law enforcement operation — Management “K” of the BSTM of the Ministry of Internal Affairs of Russia warns: theft of funds from bank cards is illegal!
A full preview of the seizure page on all three carding forums is available below:
Although officially unconfirmed by Russia, cybersecurity firm Flashpoint reports that authorities have also seized UAS (Ultimate Anonymity Services), an RDP shop. UAS is a popular marketplace, available on both the clear and dark web, that allows buying and selling of stolen Social Security Numbers, login credentials for Windows Remote Desktop, and access to SOCKS proxy servers.
As per Russian news agency TASS, the arrests were made upon the request of investigators from the Russian Federation’s Ministry of Internal Affairs. After the arrests, the court’s press service released the following statement:
“The Tverskoy Court of Moscow received petitions from the investigation to select a measure of restraint in the form of detention against six people suspected of committing a crime under part 2 of article 187 of the Criminal Code of the Russian Federation (“Illegal circulation of means of payment”).”
Mystery warning message
An interesting point Hackread.com can confirm is that the source code of all three forums now contains a hidden message from Russian authorities directed towards other cybercriminals.
The message reads: “КТО ИЗ ВАС СЛЕДУЮЩИЙ?” (English translation: Which of You Is Next?). The message implies that there are likely to be more arrests in the near future.
Russia’s Arrest Spree
The arrest spree started in early January 2022 after Biden told Putin to act against ransomware gangs operating from Russia. Although the Russian government has been accused of assisting cybercriminals, experts have seen a change in the country’s policy after DarkSide launched a ransomware attack on Colonial Pipeline and the REvil gang targeted Kaseya.
Since then, Washington and the Kremlin have increased cooperation to prevent hackers from using Russian soil to conduct malicious activities. In January, Russia arrested 14 individuals allegedly part of the REvil ransomware gang and seized $6 million.
By the end of January, Russian authorities struck again and arrested the Infraud Organization leader. The group had caused over $560 million in losses to businesses globally.