Menu
Browse

Cyber Threat Actor: Mat

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Hacker
1 incident
Profile

The threat actor known as Mat, operating under the aliases @0xScripts and mat, conducted a financially motivated breach of the Basetools.ws underground forum in October 2017. This forum served as a marketplace for cybercriminal activity, specializing in the trade of stolen payment card data, hacking tools, and compromised account credentials, with over 150,000 users and 20,000 listed tools. Mat demanded a $50,000 ransom from forum administrators, threatening to leak stolen data to U.S. law enforcement if unpaid. The compromise exposed sensitive operational details, including administrator credentials, server access points, and multiple data breach archives. The attacker claimed dual motivations: financial gain and retaliation against forum administrators for allegedly manipulating seller rankings and earnings statistics to favor a specific reseller using the alias "RedHat." This incident caused significant disruption by forcing the forum offline and jeopardizing its user base through the exposure of infrastructure credentials and user data.

Mat's compromise of Basetools demonstrated access to critical forum infrastructure, including Remote Desktop Protocol (RDP) servers, Secure Shell (SSH) credentials, web shells, backdoors, and spambot configurations hosted on compromised websites. The attacker exfiltrated and threatened to release administrative panel details, IP addresses, and multiple data breach dumps. No collaborative partners or tools beyond these credentials were referenced, with Mat explicitly stating they acted alone. The operation highlighted direct targeting of cybercriminal platforms themselves rather than conventional private-sector or government entities, leveraging stolen access credentials as both a coercive tool and a means of exposing perceived corruption within illicit communities. The breach's impact stemmed from the potential weaponization of operational data against forum users and administrators.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source