Full Report
The hackers are also suspected of being behind several cyber-attacks, including against the French Football Federation
Analysis Summary
# Threat Actor: BreachForums Operators (Suspected Affiliates)
## Attribution & Identity
The threat actors are four hackers, identified as being in their 20s, who were arrested by French authorities (the Paris Police Prefecture's Cybercrime Unit, BL2C). They are suspected of involvement with the **BreachForums** dark web forum.
Known aliases associated with the group include **ShinyHunters**, **Hollow**, **Noct**, and **Depressed**. The article notes that the group is sometimes referred to as **ShinyHunters**.
## Activity Summary
The quartet was arrested for suspected administration of the **BreachForums** forum and for allegedly carrying out cyber-attacks of a "very high degree of technical complexity." The arrests took place on June 23, 2025, across Paris suburban areas, Normandy, and La Reunion.
## Tactics, Techniques & Procedures
* Carried out cyber-attacks of a very high degree of technical complexity.
* Specific TTPs beyond general "highly complex attacks" are not detailed in the provided text.
* No specific MITRE ATT&CK IDs were mentioned.
## Targeting
* Sectors: Electronics Retail, Telecommunications/Internet Service Provider, Government/Job Search Agency, Sports Federation.
* Geography: France and abroad (international victims implied).
* Victims:
  * Boulanger (electronics retailer)
  * SFR (major French internet/mobile operator)
  * France Travail (government job-seeking agency)
  * French Football Federation (FFF)
## Tools & Infrastructure
* Malware families used: None explicitly named.
* Infrastructure (C2, domains, IPs): No specific infrastructure details (URLs/IPs) were provided in the summary text.
## Implications
The arrests of high-level administrators and alleged perpetrators associated with BreachForums, alongside the successful prosecution of cyberattacks against critical French entities (telecom, government services), signal a notable law enforcement success in dismantling significant dark web infrastructure and holding sophisticated actors accountable.
## Mitigations
* Monitor for forum chatter or subsequent activity related to BreachForums, as the arrest of four members may not fully stop the platform's operations or related criminal activity.
* Review security posture against technically complex intrusion methods used against the named victims (Boulanger, SFR, France Travail, FFF).