Takedowns only slow activity
According to Jeremy Kirk, executive editor for cyber threat intelligence at research company Intel 471, police have been closing in on the individual groups represented in Scattered Lapsus$ Hunters for more than three years. This included arresting alleged members. Whether this damaged the group in the long run remained to be seen.
“Law enforcement has set precedents over the last few years by repeated take downs, and threat actors know it is riskier and riskier to administer these forums,” said Kirk. “From a cyber threat intelligence perspective, centralized forums provide much visibility into access brokering, data leaks and more.” However, he added, while “domain seizures are tactical victories, threat actors often have backups of their forum software and data and can launch the forums again.”
According to Kirk, “that activity doesn’t stop when forum infrastructure is disrupted, but scatters elsewhere to places such as Telegram, where it can be more challenging to follow.”
