Menu
Browse

Cyber Threat Actor: TheNeoBoss

Actor Type Location Known Incidents
 Icon
Criminal
Russia
2 incidents
Profile

TheNeoBoss is the alias used by a hacker who has been linked to a breach of the adult entertainment network Team Skeet and its parent company Paper Street Media, with the actor’s location noted as Russia in open sources. The individual first came to public attention in March 2016 after gaining administrative access to Team Skeet’s systems, defacing the website, and advertising a database that allegedly contained email addresses, plaintext passwords, names, physical addresses, and IP addresses for over 237,000 user accounts on the dark web marketplace Dream Market. In communications with Motherboard, the hacker stated the motivation was to publicly shame the company for what they described as poor security practices, while also seeking financial gain by offering the data for 0.962 bitcoins, roughly equivalent to $400 at the time. The actor claimed to have attempted to warn Paper Street Media about vulnerabilities prior to the attack and to have inquired about a bug bounty program, which was reportedly ignored.

TheNeoBoss’s observed tactics, techniques, and procedures include exploiting administrative functions to access internal panels and recent customer support tickets, exfiltrating user credential datasets, and defacing the public-facing website to demonstrate control. The hacker advertised not only the primary user database but also additional data sets such as 50,000 logins for other Paper Street Media sites, 426,000 lines of failed login attempts, and 468,000 lines of members’ geo‑IP information, although Motherboard was unable to independently verify the legitimacy of these claims. No specific malware families or initial‑access vectors were described in the reporting, and the actor’s tooling style remains unspecified beyond the use of dark‑web marketplaces for monetization and website defacement for intimidation.

Attribution to Russia is the only geographic detail publicly associated with the alias, and no state sponsorship or affiliation with a known criminal consortium has been established in the sources. The most notable operation attributed to TheNeoBoss is the March 2016 Team Skeet breach, which resulted in the alleged compromise of over 237,000 accounts and the attempted extortion of Paper Street Media through the sale of the stolen data on Dream Market. The incident highlighted the actor’s ability to leverage administrative access for both data theft and public embarrassment, while also demonstrating a pattern of seeking financial compensation via illicit markets after claiming to have disclosed vulnerabilities that were ignored by the target.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
1 source