Cyber Security News

Russia Seizes Four Major Dark Web Carding Sites With an Estimated $263M in Crypto Sales

Four major illicit dark web sites were recently taken down by the Russian Ministry:

  • Sky-Fraud
  • Trump’s Dumps
  • UAS Store
  • Ferum Shop

Millions of payment card details are stolen from retailers and payment companies every day and sold on dark web markets for crypto assets. Cybercriminals use these cards to purchase items online, which can then be resold for cash. This method is popularly called "carding".

The Fall of Stolen Credit Card Market

The stolen credit card market has been in decline, as many vendors have either closed their sites or been taken down by the authorities. The market accounts for nearly $263 million in collections overall. Last year, Joker’s Stash, one of the largest stolen credit card vendors, shut down its operations, followed this year by UniCC, which was the second-largest vendor.

Ferum Shop and Trump’s Dumps, two of the major stolen credit card vendors that were still active, were seized by the Russian authorities. When Joker’s Stash left the market, UniCC became the market leader, and shortly after UniCC shut down, Ferum Shop became the leader. Ferum Shop was established in October 2013 and has earned over $256 million in Bitcoin through stolen card sales.

Trump’s Dumps is a magnetic strip data vendor, infamous for using the image of President Donald Trump for branding. Altogether, Trump’s Dumps is estimated to have made around $4.1 million since 2017.

Sky-Fraud – Trump’s Dumps and Ferum Shop

Sky-Fraud is one of the major carding forums used by cybercriminals to discuss carding methods and money laundering tips. Both Trump’s Dumps and Ferum Shop were widely discussed on the Sky-Fraud forum. In addition to seizing the carding vendors, Russian authorities have also taken down the Sky-Fraud forum, leaving a note that translates to “Which one of you is next?”

UAS Store – RDP Credentials Vendor

Because many employees worked from home during the pandemic, many companies issued RDP (Remote Desktop Protocol) access so that employees could reach their work systems remotely. Hackers infiltrate poorly configured company networks, steal the victims' RDP credentials, and post them on the UAS Store.

Cybercriminals who wish to take down a corporate network or disrupt a company’s structure and operation can use this site to gain access to the system inside the corporate network.

UAS Store has been active since 2017 and is estimated to have made around $3 million in cryptocurrency. According to the Elliptic report, nearly $862,000 was made during the pandemic. Authorities have shut down this website as well.

Derailed Dark Web Market

The dark web market seems to have stumbled following the seizure of major vendors. The recent seizures came just after the retirement of UniCC and LuxSocks. UniCC is said to have gone offline just after the announcement and not as it had promised. It has been confirmed that Russian authorities were behind UniCC's retirement.

The latest seizures are expected to have covered 50% of the stolen credit card market, and many of the major vendors seem to be planning for retirement, as authorities might be knocking on their doors anytime soon.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
