NOTE: The data in this analysis has been obtained using public sources.
In this post I'll profile a novice Bulgaria-based cybercriminal who managed to obtain access to the database and shared it within several cybercrime-friendly forum communities, making it publicly accessible, and I'll include an in-depth overview of TAD Group, a Bulgaria-based penetration testing company.
Real Name: Daniel Ganchev - Email: firstname.lastname@example.org
Sample URL of the cybercriminal involved in the campaign:
hxxp://instakilla.com/ - Email: email@example.com; firstname.lastname@example.org
Instagram Account: hxxp://www.instagram.com/instakilla_/
Bitcoin address used in the campaign: 3Ex6LeHorgRjkBmws4SsRZ3FXSJDXk5FhP
Sample additional domain known to have been used by the same individual: hxxp://18.104.22.168
Related URLs known to have participated in the campaign:
Sample Screenshot of the Original Letter Sent to Journalists:
Let's take a closer look at the Bulgaria-based TAD Group, a well-known penetration testing company currently running Bulgaria's largest and most popular hacking forum community, hxxp://www.xakep.bg, which was recently blamed for Bulgaria's largest database leak, in particular its founders and several employees. The OSINT analysis below highlights some of the key functions of the company and its involvement in the incident.
Sample Company Logo:
Sample Photos of TAD Group Employees:
Sample TAD Group Photos: