‘DDoS Guard’ Hacked, Database and Source Code Made Available for Purchase

• Someone is claiming to be holding everything about ‘DDoS Guard’ and its customers.
• The dataset includes source code and a full database dump, while the asking price is $350,000.
• The authenticity of the hack and sale hasn’t been confirmed yet, but if that data has leaked, we will get to know soon.

The Russian online infrastructure services provider ‘DDoS Guard’ appears to have been hacked, as someone has posted its full source code dump and also its entire database for sale on Exploit[.]in, a popular hacker forum. This was spotted first by Group-IB, and by using KELA’s cyber-intelligence tools to access older posts that are no longer up, we were able to confirm it from our side as well. The starting price for the entire pack was set to $500,000, but within an hour, this was dropped down to $350,000.

The data set includes the following:

• Full source code dump for DDoS Guard’s entire infrastructure, backend, frontend, and network filtering/blocking.
• Full database dump containing customer names, site, real IP addresses, payment information, etc.

The particular platform is offering DDoS protection and anonymity to websites that don’t exactly operate within a legal context, like pirate sites, for example. One recent notable case is Parler, the social media platform that was left without technical support from virtually all big tech firms following the January U.S. Capitol raid. Parler was accused of fostering violence and sociopolitical unrest, so in order to return online, it had to resort to deals with shady companies like DDoS Guard.

One thing to note here is that the seller hasn’t provided a sample of the data, so there’s no way to verify the authenticity of the reported hack. As Oleg Dyorov (a threat intelligence analyst at Group-IB) details, the particular user registered an account on exploit[.]com in January 2021 and has since been looking to buy access to various corporate networks. The user hasn’t made any deposits on the forum and has no reputation, so there’s no way to tell if this is a scam or a real sale.

If the data is indeed valid, their value would be quite high - although we can’t really comment on the actual price tags set by the seller in this case. There are many copyright holders and other interested stakeholders that would like to know the identities of the operators of sites that DDoS Guard supports, so we would imagine that many different entities would be willing to pay significant amounts of money for this info.