A threat group called ARES is gaining notoriety in the cybercrime scene by selling and leaking stolen databases to companies and public authorities.
The actor appeared on Telegram in late 2021 and has been linked to ransomware operation RansomHouse and data leak platform, KelvinSecurity, and network access group Adrastea.
The ARES group runs its own site with leaked databases and a forum, which could fill the void left by the current old forum Breached.
Cyfirma Reports that ARES exhibits cartel-like behavior, actively seeking affiliations with other threat actors.
ARES Leaks is a regular web-hosted platform that provides access to data leaks from 65 countries, including the United States, France, Spain, Australia, and Italy.
The website hosts leaks with all types of information, from phone numbers, email addresses, customer details, B2B, SSN and corporate databases, to forex data, government leaks and passports.
The group accepts payments in cryptocurrency from members who wish to access the data offered or purchase any of the available services, which cover vulnerability exploitation, penetration testing, malware development and denial attacks. distributed service (DDoS).
According to Cyfirma, activity on ARES Leaks increased following the closure of Breached.
In late 2022, ARES sought to hire expert malware developers and pen testers who could work in Syria, offering payment in cryptocurrency.
ARES also operates private and VIP channels, presumably selling more valuable data leaks from high-profile organizations.
Cyfirma reports that ARES has recently launched efforts to acquire military access and databases, actively promoting its interest through advertisements on cybercrime platforms.
LeakBase was launched in early 2023 and it is another project backed by threat group ARES. Aggressive promotion and the Breached hacker forum shutting down caused many users to sign up.
It is web-hosted clean and free for everyone, offering free databases, a market space to sell leaks, leads, exploits and services, and an escrow payment system to inspire trust.
The forum also hosts spaces for programming, hacking tips, tutorials, social engineering, penetration, cryptography, anonymity, and opsec guides and discussions.
LeakBase is far from Breached at present, but its reputation seems to be growing and it could soon become a major hub of information and services for cybercriminals.
ARES appears to be a well-organized threat group that has continued to expand its operations and services to cover all major cybercrime interests.
Cyfirma believes that ARES views the Breached shutdown as an opportunity to accelerate its growth and establish its position in the cybercrime market.