{"id":57518,"date":"2022-02-10T17:21:18","date_gmt":"2022-02-10T15:21:18","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=57518"},"modified":"2025-09-04T12:09:16","modified_gmt":"2025-09-04T09:09:16","slug":"russian-police-shut-down-four-dark-web-sites-with-263-million-in-revenue","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/russian-police-shut-down-four-dark-web-sites-with-263-million-in-revenue\/","title":{"rendered":"Russian police shut down four dark-web sites with $263 million in revenue"},"content":{"rendered":"

Specialists from the K Department of the Russian Interior Ministry blocked the operation of four leading darknet sites: the Sky-Fraud forum, Trump\u2019s Dumps, UAS Store and Ferum Shop, the largest market for stolen credit cards. reports<\/a> Elliptic.<\/p>\n

During their operation, the sites earned more than $263 million in Bitcoin, Ethereum and Litecoin.<\/p>\n

The majority of that sum \u2013 $256 million \u2013 went to Ferum Shop, which has been operating since 2011. According to Elliptic, this card shop accounted for almost 17% of the entire market for stolen credit cards.<\/p>\n

The resource UAS Store sold compromised Social Security numbers and access to RDP<\/span>-servers, which allowed cybercriminals to remain anonymous.<\/p>\n

The total value of data sold for more than 113 million bank cards on the sites during their operation exceeded $654.9 million.<\/p>\n

Ferum Shop, Trump\u2019s Dumps and UAS Store may have been run by a single hacker group, since they shared a server, as suggested<\/a> by Group-IB experts.<\/p>\n

On the Sky-Fraud, Ferum Shop and Trump\u2019s Dumps sites, notices of their blocking by the K Department of the Russian Interior Ministry appeared. The current source code of the closed resources contains a warning \u201cWHO IS NEXT?\u201d.<\/p>\n

\"Russian
Source: Elliptic.<\/figcaption><\/figure>\n

Group-IB explained that this is not simply the blocking of resources, but a takedown \u2014 gaining access to the entire infrastructure of those who ran the sites. This would be possible only if those individuals were detained, the experts added.<\/p>\n

On February 7, investigators from the Ministry of Internal Affairs asked the Tverskoy Court of Moscow to arrest six suspects in a criminal case of illegal handling of payment instruments, as reported by TASS<\/a>.<\/p>\n

They were presumably part of a hacker group involved in the theft and sale of stolen credit cards. According to the publication, the defendants \u201cpossess specialized knowledge in the field of international payment systems\u201d and were detained in various regions of Russia.<\/p>\n

Officially, no link between these two cases has been confirmed yet.<\/p>\n

Earlier this year, in mid-January 2022 the FSB announced the arrest of members of the hacker group REvil<\/a> on the basis of a request from US authorities.<\/p>\n

As a result of searches at 25 addresses, law enforcement seized more than 426 million rubles, including in cryptocurrency, $600,000 and \u20ac500,000, and 20 premium cars.<\/p>\n

On 15 January the Moscow court arrested eight suspects in the group for two months. They were charged with illegal turnover of payment instruments.<\/p>\n","protected":false},"excerpt":{"rendered":"

Specialists from the K Department of the Russian Interior Ministry blocked the operation of four leading darknet sites: the Sky-Fraud forum, Trump\u2019s Dumps, UAS Store and Ferum Shop.<\/p>\n","protected":false},"author":1,"featured_media":57519,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1269,44,477,27],"class_list":["post-57518","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-cryptocurrencies","tag-cybercrime","tag-darknet","tag-russia"],"aioseo_notices":[],"amp_enabled":true,"views":"43","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/57518","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=57518"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/57518\/revisions"}],"predecessor-version":[{"id":57520,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/57518\/revisions\/57520"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/57519"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=57518"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=57518"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=57518"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}