Cyber Incident Victim: Dread

Date: Mar 2021

Location: Russia

Summary

The Dread dark web forum was targeted in a series of attacks affecting multiple Russian-speaking cybercrime communities, prompting the implementation of new protective security measures. These coordinated incidents included credential leaks at Maza, a forceful takeover at Verified, and an account compromise at Club2Crd that facilitated scams and eroded user trust. While Dread's specific breach details weren't disclosed, the collective attacks exposed authentication data, contact information, and operational vulnerabilities across these platforms, underscoring systemic risks within illicit online communities despite their advanced security protocols like certificate-based logins.

CIA Posture: Available to members
Motives: 6 motives
Tactics, Techniques & Procedures: 3 techniques
Threat Actors: 0 actors (Type: Available to members; Location: Available to members)

Description

In February 2021, a coordinated series of cyberattacks targeted multiple Russian-speaking cybercrime forums, including the dark web platform Dread. These incidents occurred amid broader compromises affecting the Maza, Verified, and Club2Crd communities within a narrow timeframe. On February 15, attackers forcibly took control of the Verified forum by exploiting an undisclosed vulnerability. The following day, Club2Crd staff member "mak" disclosed his account had been hijacked to facilitate scams and financial theft from members. Concurrently, Dread experienced disruptive attacks prompting its administrators to implement unspecified new protective measures. While the exact technical methods used against Dread were not detailed, these events collectively demonstrated vulnerabilities across prominent underground platforms.

The attacks eroded operational security within affected communities, with Maza suffering a data leak exposing 2,982 member records containing credentials, contact details, and certificate passwords. Though Dread's specific compromise scope remained undisclosed, the forum's defensive enhancements indicated a successful intrusion that required remediation. These incidents highlighted cross-platform risks even among technically sophisticated threat actors, with compromised forums facing reputational damage and operational distrust. Law enforcement gained potential investigative advantages through leaked ICQ contacts and authentication data. The attacks concluded without public attribution, leaving forum operators to address security gaps amid demonstrated threats to their infrastructure and user bases.
