Disrupting Russian Cybercrime: WWH-Club Admins Arrested
2024-8-9 06:46:54 Author: flashpoint.io(查看原文) 阅读量:3 收藏

US authorities have charged two administrators of WWH-Club, one of the largest Russian-language cybercrime forums. According to the criminal complaint, Russian national Pavel Kublitskii and Kazakhstan native Alexandr Khodyrev served as administrators and moderators of WWH-Club, as well as Skynetzone, Opencard, and Center-Club. They allegedly operated their criminal enterprise from abroad but sought asylum in the United States in December 2022.

Despite their arrests, WWH-Club remains online and operational. In addition, it appears that WWH-Club and its other administrators are attempting to distance themselves from Kublitskii and Khodyrev—claiming that they were only moderators and did not have administrative rights to the forum. This contradicts the details released in the official criminal complaint. 

Flashpoint has also found that WWH-Club has deleted Kublitskii’s and Khodyrev purported accounts and is offering its current members the opportunity to change their screen names. This could potentially be a countermeasure to obscure any potential follow-on investigations.

What is the WWH-Club?

WWH-Club appeared in 2012, and is considered one of the largest Russian-language carding forums. The forum serves as an entry-level venue for larger and more established forums, like Exploit and XSS. WWH-Club set itself apart by its function as a market and forum to discuss fraud tactics, techniques, and procedures (TTPs) and services, also offering tutorials and courses for threat actors looking to pick up carding and fraud skills. As of March 2023, WWH-Club boasted over 353,000 registered users, with a staggering 112,000 active users in a mere 72-hour period.

In addition to offering such tutorials, the forum earns revenue from its own escrow service and selling advertisement space. Apart from these, the following services, among others, are integrated into the main page of the forum:

  • Automatic forum escrow 
  • Escrow Service 
  • Mixer BTC
  • USA bank/fullz
  • Advertisement
  • Paid status upgrade
  • Forum fees  
  • b1ack’s Stash market updates and communication thread 

Additionally, there were multiple conversations dedicated to the following topics: 

  • Botnets 
  • Exploits 
  • Fullz
  • Network Accesses 
  • Stolen Login Information

WWH-Club’s lucrative “education” program

WWH-Club approached cybercrime as a business, offering comprehensive “carding” courses, teaching members how to use stolen credit card data. These courses cost around $975 USD and lasted six weeks, complete with homework and exams.

The forum charged various fees for commercial posts, ranging from approximately $130 to $780 USD, depending on the topic.

The administrators themselves appeared to profit handsomely from the forum. For instance, one Bitcoin cluster associated with the administrators received nearly 4,000 deposits totaling approximately 152 Bitcoin (worth about $961,000 USD) over a nine-year period.

The never-ending battle against cybercrime

The case of WWH-Club provides a rare glimpse into the scale and sophistication of modern cybercrime operations. It demonstrates the need for continued international cooperation in law enforcement and cybersecurity efforts. As cybercriminals become more organized and business-oriented, our approach to combating them must evolve as well.

Cybercrime is a perpetual cycle and we’ve already seen the constant tug-of-war between authorities and threat actors. Recent events, such as the alleged shutdown and re-emergence of ALPHV and LockBit, and the numerous takedowns of Breach Forums, demonstrate both the successes and challenges in this ongoing battle.

Stay ahead using Flashpoint

The WWH-Club arrests are a victory, but the fight against cybercrime continues. Organizations need comprehensive, actionable, and timely threat intelligence to protect themselves against the machinations of illicit forums and marketplaces.

Sign up for a demo and see for yourself how Flashpoint intelligence helps security teams stay ahead of evolving threats.


文章来源: https://flashpoint.io/blog/wwh-club-russian-cybercrime/
如有侵权请联系:admin#unsafe.sh