This new tech communications-driven black market is thriving following the takedown of the infamous Hydra Market by German authorities. With over 17 million customers at the time it was dismantled in April 2022, Hydra was a honey pot for illegal drugs, stolen data, cyberattacks-for-hire, and fake documents for years. This void in the drug trade birthed “customized mobile apps and Instant Messengers (IM) including Telegram,” which are now the dark web cybercriminal communication gold standard, according to the report.
Criminals Are Communicating Via Custom Mobile Apps
According to Resecurity, current trends show a shift of operators moving from dark web forums to customized Android apps where customers can make illicit purchases and even send delivery instructions to couriers. When this is the case, cybercriminals can control their own communications infrastructure by destroying or wiping their apps at will to fend off law enforcement crackdowns. Furthermore, Resecurity identified seven black market drug shops that provided the modified apps, which are based on an engine called M-Club (CMS). “This CMS has been developed specifically for drug traffickers and is currently marketed on major underground communities,” Resecurity said. “Some of these mobile apps have been recently observed by our experts on seized mobile devices by law enforcement — they belong to several suspects involved in drug trafficking and other illegal operations.” The apps transfer information to customers, such as images indicating GPS coordinates of “packages” left by couriers, Resecurity added, as well as any other detailed notes left by sellers. “Typically, drug traffickers have become very careful in their tactics, and try to choose locations where it would be complicated to monitor,” and even use magnetic cases to hide packages, Resecurity said. Such apps available for download were found on dark web drug shops such as yakudza.top, tomford24.biz, 24deluxe.bix, pnts32.biz, flakka24.biz, and several others. The beginning of 2023 also saw a spike in illegal drug sales via Telegram, which “may confirm the interest of threat actors to migrate mobile communications and more actively leverage IMs,” the report said. Dark web sellers also notified their customers about moving to alternative channels as a security measure due to increased law enforcement activity. Cybercriminals made noticeable moves to Telegram in 2020 and 2021 as well, but the Hydra market crackdown has spiked migrations to unprecedented highs.
Key Products for Sale On the Dark Web
According to Resecurity, the most popular products for sale on the dark web continue to be “cocaine, hashish, and amphetamines,” sold by notorious sellers like Blacksprut, RuTOR, WayAway, and OMG!OMG! The report went on to say that one of the big sellers, Blacksprut, was hacked earlier this month resulting in buyer accounts and their communications being stolen and put up for sale for $250,000 on the dark web. The hack was announced by hacktivist groups DEANON and Killnet. These traffickers may have “roots connecting them with Eastern Europe and Eurasia, but also in the English-speaking world – Nemesis and Anon Market,” the report said. “Attacks on drug marketplaces may be interpreted as a possible fight for certain influence in that niche in the Dark Web and likely arranged by competing powers representing different groups involved in drug trafficking internationally,” the report said. The dark web also serves up a hefty amount of other criminal goods like malware and viruses. Cybersecurity firm Mandiant noted in a recent report that information stealers are available for free on some dark web markets. Stolen logins used to access organizations can also be bought there.
The ‘Post-Hydra’ Dark Web Market Ecosystem
At the moment, here are the top ten key marketplaces active after the shutdown of the Hydra market;
RuTor OMG!OMG! Blacksprut WayAway Kraken Solaris Nemesis Legalizer Mega Anon Market
RuTor leads the pack with about 300,000 members and is the largest dark web market on the large, Russian-speaking side of the dark web. It hosts over 2.2 million user posts and over 37,000 unique topics. “Like Hydra, users can find a variety of criminal goods and services solicited on this forum, including drugs and the precursor chemicals/reagents used to produce synthetic narcotics,” the report said. A variety of other criminal goods and services such as money laundering services, weapons, identity documents, hacking kits, and much more, are also hosted there. All of these markets leverage Asian supply chains to source illegal drugs and precursor agents, the report said. Resecurity expects new marketplaces, like Kraken, to keep popping up in the new dark web criminal ecosystem while the leaders listed above will fight for brand recognition. “The law enforcement community needs to develop new ways to monitor illegal drug trades in the Dark Web and adjust their tactics to the dynamically changing threat landscape,” the report said. Everything you need to know about the internet underworld can be found in our guide to the dark web. If you would like to visit the dark web for the first time, do not miss our piece on how to get on the dark web safely. If it is the marketplaces that interest you, consult our guide on how to stay safe on dark web marketplaces before venturing there.
