Full Report
Kosovo national Liridon Masurica has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018. [...]
Analysis Summary
# Threat Actor: Liridon Masurica (BlackDB Admin)
## Attribution & Identity
The threat actor is Liridon Masurica, a Kosovar national arrested in Kosovo on December 14, 2024, and extradited to the United States in May 2025.
**Known Aliases and Associated Groups:**
* **Online Alias:** @blackdb
* **Associated Group/Platform:** Operator/Lead Administrator of the BlackDB.cc cybercrime marketplace.
## Activity Summary
Liridon Masurica pleaded guilty to running BlackDB.cc, a cybercrime marketplace operational from 2018 to 2025. The marketplace was used to sell large volumes of compromised data to facilitate further criminal activities.
## Tactics, Techniques & Procedures
The actor's primary technique was operating a centralized online marketplace for illicit trade (selling stolen data).
* **Specific TTPs:** Facilitating the sale of compromised accounts, server credentials, stolen credit card information, and Personally Identifiable Information (PII).
* **MITRE ATT&CK IDs:** (None explicitly mentioned in the text, but T1538 - C2 Infrastructure and T1518 - Software Discovery/Collection related to data harvesting precede the sale.)
## Targeting
* **Sectors:** Implied B2C/Financial sectors due to the sale of credit card data; general organizations/individuals whose server credentials were stolen.
* **Geography:** Victims were primarily individuals in the **United States**, although the marketplace sold data belonging to victims worldwide.
* **Victims:** Unspecified individuals and entities whose data (credentials, credit cards, PII) was compromised and subsequently listed for sale.
## Tools & Infrastructure
* **Malware Families Used:** None explicitly mentioned, as the focus is on the sales platform.
* **Infrastructure:** BlackDB.cc (cybercrime marketplace).
## Implications
The dismantling of BlackDB.cc removes a significant source of supply for other cybercriminals, specifically those engaging in credit card fraud, tax fraud, and identity theft that depend on large-scale data compromise. The successful extradition and prosecution demonstrate international cooperation (FBI, Kosovo Police) against established cybercrime infrastructure.
## Mitigations
* Implement robust security measures to prevent the compromise of server credentials and PII.
* Regularly monitor for internal or external indicators that organizational data might be listed on dark web marketplaces.
* Stay vigilant against fraud activities (credit card fraud, identity theft) that rely on purchasing stolen data.