A cybercrime threat group called ARES is making waves in the underground market by selling and leaking databases stolen from corporations and public authorities. ARES emerged on Telegram in late 2021 and is associated with various cybercrime operations, including RansomHouse, KelvinSecurity, and Adrastea.
The group manages its own website, ARES Leaks, which offers access to data leaks from 65 countries, including sensitive information such as forex data, government leaks, and passports. ARES accepts cryptocurrency payments from members who want to access the offered data or purchase their services, which include vulnerability exploitation, pen-testing, malware development, and DDoS attacks.
Cyfirma reports that ARES displays cartel-like behavior by seeking affiliations with other threat actors and attempting to acquire military access and databases. The group also operates private and VIP channels, presumably selling more valuable data leaks from high-profile organizations.
With the Breached forum now defunct, ARES Leaks has become a significant hub for information and services for cybercriminals, and their new project, LeakBase, is also growing in reputation.
According to reports, ARES sought to hire malware developers and expert pen-testers in late 2022, offering payment in cryptocurrency to work in Syria. The group’s well-organized operations cover all major cybercrime interests, which could make them a major player in the cybercrime market.
Cyfirma believes that ARES is capitalizing on the shutdown of Breached to establish its position in the market and accelerate its growth. The group’s aggressive promotion and the closure of the Breached hacker forum have attracted many users to its platform, which poses a significant threat to corporations and public authorities whose databases are at risk of being compromised.