Menu
Browse

Cyber Threat Actor: Eggfather

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Hacker
Russia
9 incidents
Profile

Eggfather, also known by the alias Egghunter, is a threat actor whose activity has been publicly linked to a series of forum compromises in November 2015. Open‑source reporting indicates that the actor is associated with Russia, although no further details about their geographic base or operational structure have been confirmed. The available information does not describe any broader organizational affiliation, state sponsorship, or criminal consortium ties, and therefore such aspects remain unspecified in the public record.

The actor’s known operations involve gaining unauthorized access to various online discussion platforms and extracting user credential data. On 2015‑11‑10, Eggfather reportedly breached forum.chumpcar.com, engineerboards.com, c4forums.com, and mwcboard.com, obtaining usernames and hashed password sets that ranged from approximately fifteen thousand to over twenty‑one thousand accounts per site. A few days earlier, on 2015‑11‑06, similar intrusions were alleged against islandermania.com, lonestarspeedzone.com, sikhawareness.com, and pixarra.com, yielding credential dumps that varied between roughly two thousand and eight thousand five hundred entries each. In each case the disclosed summary notes only the extraction of usernames and password hashes, with no mention of malware deployment, specific exploit tools, or post‑exploitation activities.

Because the public sources do not detail the actor’s typical targeting sectors, strategic objectives, or characteristic tactics, techniques, and procedures, those elements cannot be included in this profile without resorting to speculation. Likewise, no definitive attribution to a state entity or criminal group has been established, and no additional campaigns beyond the listed forum breaches have been documented. Consequently, the profile is confined to the verified aliases, the indicated Russian association, and the concrete incidents of credential theft from the specified forums.

Incidents
Attributed incidents available to members
8 incidents
Sources
Sources available to members
0 sources