A cybercrime threat group called Ares has been steadily gaining popularity since the notorious BreachForums hacking forum went out of business following the arrest of its administrator last month.
The group emerged on the Telegram messaging app in late 2021 and has been linked to the RansomHouse ransomware, the KelvinSecurity data leak platform, as well as the Adrastea network access group. Ares has been gaining notoriety in recent months for selling and leaking databases stolen from corporations and public authorities, according to a new report from cybersecurity firm Cyfirma.
“The group launched a surface web website in January 2023 and subsequently focused on developing a forum, which has now been completed. On the 31st of March 2023, the forum was launched with the aim of improving its operations,” the researchers said. “Our analysis indicates that Ares has displayed characteristics, consistent with cartel-like behavior, by actively seeking out affiliations with other threat actors and asserting connections with established hacking groups and ransomware operators.”
Ares Leaks offers access to data leaks from 65 countries, including the United States, India, the Philippines, Mexico, Australia, Ukraine, Thailand, France, Spain, and Italy.
The platform hosts leaks containing all types of information, ranging from phone numbers, email addresses, customer details, B2B data, SSNs, and corporate databases to forex data, government leaks, and passports. In addition to data leaks, the group also offers botnet and DDoS services.
Cyfirma says that the administrator of Ares was spotted selling zero-day vulnerabilities, suggesting that the group, which consists of expert penetration testers, malware developers, and other resources, is leveraging vulnerabilities, including zero-day bugs, to hack into systems.
“Our analysis of Ares Leaks’ activities indicates that the group is well-organized and recognizes the value of collaboration among like-minded cybercriminals, to sustain their operations. The group appears to have clear objectives to establish itself as a reliable data leak site and create a cybercriminal ecosystem for buyers and sellers of data and related services,” the researchers concluded.