The CYFIRMA Research team has detected a threat actor group known as “ARES” that deals in selling business and governmental authority databases.
The term “Ares” has previously been used to refer to the notorious Trojan malware “Ares Rootkit,” which attackers used to break into computers and steal sensitive data.
The investigation shows that ARES has exhibited “cartel-like behavior,” actively seeking alliances with other threat actors and claiming connections with reputable hacker groups and ransomware operators.
Cybercriminal groups have accepted this affiliation. Late in 2021, this actor made its Telegram debut; since then, it has been linked to the RansomHouse ransomware operation, the KelvinSecurity data leak platform, and the Adrastea network access group.
ARES Group runs its own website, which includes database leaks and a forum and may fill the gap left by the now-defunct Breached forum.
An Overview of the Activities of the ARES Group
Data leaks from 65 nations, including the United States, France, Spain, Australia, and Italy, are accessible on the platform ARES Leaks, hosted on the regular web.
The website hosts leaks containing a wide range of information, including forex data, government leaks, passports, phone numbers, email addresses, customer details, B2B, SSN, and business databases.
The group accepts cryptocurrency payments from members who want to access the provided data or buy one of its services, which include distributed denial of service (DDoS) attacks, pen-testing, vulnerability exploitation, and malware development.
Notably, following the shutdown of Breached, activity on ARES Leaks increased. As a result, ARES decided to seek malware developers and expert pen-testers to work in Syria at the end of 2022, offering payment in cryptocurrency.
ARES reportedly runs VIP and private channels, selling more valuable data leaks from well-known companies. In addition, CYFIRMA researchers say ARES has recently started trying to obtain access to military databases, actively marketing its interest through advertisements on cybercrime platforms.
LeakBase, another initiative backed by the ARES threat group, went live in early 2023. Several users signed up due to aggressive promotion and the Breached Hacker Forum closing its doors.
It offers free databases, a marketplace for selling leaks, leads, exploits, and services, and an escrow payment system to foster trust.
The forum also has sections dedicated to programming, hacking advice, tutorials, social engineering, penetration testing, cryptography, anonymity, and opsec discussion.
Final Thoughts
“The group is well-organized and recognizes the value of collaboration among like-minded cybercriminals, to sustain their operations,” CYFIRMA researchers said.
“The group appears to have clear objectives to establish itself as a reliable data leak site and create a cybercriminal ecosystem for buyers and sellers of data and related services.”
The operations of ARES Leaks pose a significant danger to enterprises’ overall cybersecurity. To defend against possible attacks from this group and to stay alert to new cybercriminal ecosystems, enterprises must put thorough security measures in place.