FBI seizes BreachForums domains
Law Enforcement
Summary
Hide ▲
Show ▼
On October 5, 2025, the FBI seized the domains associated with BreachForums, disrupting a criminal marketplace used to traffic stolen data and facilitate extortion. The action cut off access to a key hub for ShinyHunters and other actors. It also targeted infrastructure used to monetize intrusions and coordinate cybercrime activity across multiple sectors.
Related Happenings
Microsoft civil action against Fox Tempest infrastructure takedown
Regulatory/Legal Action
First: 19.05.2026 18:00
Last: 19.05.2026 18:00
Sources 1
About this happening:
Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...
Microsoft civil action against Fox Tempest infrastructure takedown
Regulatory/Legal ActionAbout this happening: Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...
BlackFile vishing extortion campaign targeting retail and hospitality organizations
Campaign
First: 24.04.2026 21:26
Last: 24.04.2026 21:26
Sources 1
About this happening:
The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...
BlackFile vishing extortion campaign targeting retail and hospitality organizations
CampaignAbout this happening: The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...
Operation PowerOff DDoS-for-hire takedown
Law Enforcement
First: 17.04.2026 09:40
Last: 17.04.2026 09:40
Sources 1
About this happening:
Europol and partners in 21 countries carried out Operation PowerOff, disrupting a DDoS-for-hire/booter-service ecosystem. The coordinated action took down 53 domains, seized infra...
Operation PowerOff DDoS-for-hire takedown
Law EnforcementAbout this happening: Europol and partners in 21 countries carried out Operation PowerOff, disrupting a DDoS-for-hire/booter-service ecosystem. The coordinated action took down 53 domains, seized infra...
Latest development: 17.04.2026 14:30
Europol-led Operation PowerOff involved police and cybersecurity agencies from 21 countries and disrupted DDoS-for-hire infrastructure by taking down 53 domains, seizing databases linked to over three million criminal user accounts, removing over 100 advertising URLs, and arresting four people suspected of providing DDoS-for-hire services.
Handala multi-stage malware with Telegram C2 and exfiltration
Malware Activity
First: 24.03.2026 11:30
Last: 24.03.2026 11:30
Sources 1
About this happening:
The **Handala** malware package uses a **multi-stage payload** to give operators **remote access** to infected **Windows** devices, increasing the risk of stealthy data theft. The...
Handala multi-stage malware with Telegram C2 and exfiltration
Malware ActivityAbout this happening: The **Handala** malware package uses a **multi-stage payload** to give operators **remote access** to infected **Windows** devices, increasing the risk of stealthy data theft. The...
Europol-led seizure of Tycoon2FA domains
Law Enforcement
First: 04.03.2026 18:00
Last: 04.03.2026 18:00
Sources 1
About this happening:
**Europol** and partners **seized over 300 domains** tied to **Tycoon2FA**, disrupting a **phishing-as-a-service** operation used for **credential theft** and **MFA bypass**. The...
Europol-led seizure of Tycoon2FA domains
Law EnforcementAbout this happening: **Europol** and partners **seized over 300 domains** tied to **Tycoon2FA**, disrupting a **phishing-as-a-service** operation used for **credential theft** and **MFA bypass**. The...
Timeline
-
05.10.2025 03:00 2 articles · 7mo ago
FBI seizes BreachForums domains
Legal Policy Action UpdateThe FBI seized the domains associated with BreachForums and described the site as a major criminal marketplace used by ShinyHunters and others to traffic in stolen data and facilitate extortion. The takedown removed access to a key hub used to monetize intrusions, recruit collaborators, and target victims across multiple sectors.
Show sources
- Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ — krebsonsecurity.com — 26.11.2025 19:22
- Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ — krebsonsecurity.com — 26.11.2025 19:22