ARES emerges major player in cybercrime

A cybercrime threat group called ARES has been gaining notoriety in recent months for selling and leaking databases stolen from corporations and public authorities. The group emerged on the Telegram messaging app in late 2021 and has since been associated with the RansomHouse ransomware operation, the data leak platform KelvinSecurity, and the network access group Adrastea.

According to a report by cybersecurity firm Cyfirma, ARES displays cartel-like behavior and actively seeks affiliations with other threat actors. The group manages its own site, ARES Leaks, which offers access to data leaks from 65 countries, including the United States, France, Spain, Australia, and Italy. The website hosts leaks with all types of information, from phone numbers, email addresses, customer details, B2B, SSN, and company databases, to forex data, government leaks, and passports.

The group accepts cryptocurrency payments from members who want to access the offered data or to purchase one of the available services, which span vulnerability exploitation, pen-testing, malware development, and distributed denial of service (DDoS) attacks. Cyfirma notes that the activity on ARES Leaks increased after the shutdown of the now-defunct Breached forum.

In addition to ARES Leaks, the group also operates private and VIP channels, presumably selling more valuable data leaks from high-profile organizations. Cyfirma reports that ARES has recently initiated efforts to acquire military access and databases, actively promoting its interest through advertisements on cybercrime platforms.

The group also launched a new project called LeakBase in early 2023, which offers free databases, a market space for selling leaks, leads, exploits, and services, and an escrow payments system to inspire trust. The forum also hosts spaces for programming, hacking tips, tutorials, social engineering, penetration, cryptography, anonymity, and opsec guides and discussions.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web