INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Russian authorities arrest suspected LeakBase owner
| 2026-03-26 12:50 HIGH LOWExecutive Summary AI-generated
The arrest of a suspected owner and administrator of LeakBase, a major online cybercrime forum used by hackers to buy and sell stolen data and hacking tools, has sent shockwaves through the global cybersecurity community. The Russian state-owned news agency TASS reported that Irina Volk, a spokesperson for Russia's Ministry of Internal Affairs, accused the suspect of creating the platform. This move is part of an international joint operation coordinated by Europol, known as "Operation Leak," which saw law enforcement agencies from 14 countries take down the forum in March 2026. The arrest highlights the growing threat posed by cybercrime platforms and underscores the importance of cooperation between nations to combat these threats.
Technical Mitigations AI-generated
* Implement a robust firewall and intrusion detection system to monitor network traffic and block suspicious activity.
* Conduct regular security audits and penetration testing to identify vulnerabilities and weaknesses in the organization's systems and networks.
* Use secure communication protocols, such as HTTPS and SFTP, for all online transactions and data exchanges.
* Regularly update and patch operating systems, applications, and software to ensure that known vulnerabilities are addressed.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Operation LeakOperation Leak
Target & Sectors
RU
Incident Timeline
March 2023
Russia's military intelligence agency, GRU, arrested the suspected owner of LeakBase cybercrime forum.
Click on any entity below to view its context and source!
organisation
ARES
LeakBase surfaced in 2021 as a project supported by the ARES threat group, gradually growing its user base to over 142,000 members after the
Breached hacker forum
shut down in March 2023.
data_breach
142,000 members
LeakBase surfaced in 2021 as a project supported by the ARES threat group, gradually growing its user base to over 142,000 members after the
Breached hacker forum
shut down in March 2023.
March 3
Law enforcement agencies carried out coordinated actions worldwide on March 3, resulting in the arrest of suspected owners and disruption of the LeakBase cybercrime forum.
Click on any entity below to view its context and source!
general_metric
100 interventions
On March 3, law enforcement agencies carried out coordinated actions worldwide, including arrests, house searches, and about 100 interventions targeting 37 of the most active users of the LeakBase forum.
general_metric
37 interventions
On March 3, law enforcement agencies carried out coordinated actions worldwide, including arrests, house searches, and about 100 interventions targeting 37 of the most active users of the LeakBase forum.
3 March
Russia's authorities arrested the suspected owner of LeakBase cybercrime forum.
Click on any entity below to view its context and source!
attribution
LeakBase
Leakbase seizure banner (BleepingComputer)
"On 3 March, law enforcement authorities carried out coordinated enforcement actions across multiple jurisdictions, including arrests, house searches, and 'knock-and-talk' interventions.
attribution
BleepingComputer
Leakbase seizure banner (BleepingComputer)
"On 3 March, law enforcement authorities carried out coordinated enforcement actions across multiple jurisdictions, including arrests, house searches, and 'knock-and-talk' interventions.
4 March
Russia's authorities seized the domain of LeakBase, a cybercrime forum suspected of hosting illicit content.
2026-03-26
Russian authorities arrested the suspected owner of LeakBase, a cybercrime forum used to trade stolen data.
Click on any entity below to view its context and source!
organisation
LeakBase
Russia arrests suspected owner of LeakBase cybercrime forum.
The detained Taganrog resident is suspected of administering “one of the largest international hacker platforms, LeakBase,” the agency’s source said.”
organisation
TASS
According to a report from the Russian state-owned news agency TASS, Russian Ministry of Internal Affairs spokesperson Irina Volk, who announced the arrest,
said
the unnamed suspect is also accused of creating the LeakBase hacker platform.
Law enforcement officials told TASS.”
reported
the Russian agency TASS.
organisation
Russian Ministry of Internal Affairs
According to a report from the Russian state-owned news agency TASS, Russian Ministry of Internal Affairs spokesperson Irina Volk, who announced the arrest,
said
the unnamed suspect is also accused of creating the LeakBase hacker platform.
organisation
Taganrog
The suspect, from Taganrog, is accused of running the platform since 2021.
organisation
the Federal Bureau of Investigation
In early March, the Federal Bureau of Investigation
seized
the LeakBase cybercrime forum
(leakbase[.]la
), a platform used to trade hacking tools and stolen data.
organisation
Europol
Europol supported the operation by mapping the forum’s infrastructure and analyzing user activity, linking suspects, victims, and evidence across borders.
organisation
SecurityAffairs
Follow me on Twitter:
@securityaffairs
and
Facebook
and
Mastodon
Pierluigi Paganini
(
SecurityAffairs
– hacking, LeakBase cybercrime forum)
victims
147,000 users
Active for four years, the platform had over 147,000 users who bought, sold, and used the data for fraud.
March 2026
The FBI arrested suspected owners of the LeakBase cybercrime forum.
Click on any entity below to view its context and source!
campaign
Operation Leak
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
attribution
Europol
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
Around 100 enforcement actions were conducted worldwide, including measures against 37 of the most active users of the platforms,"
Europol said at the time
.
general_metric
14 countries
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
source_region
United States
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
source_region
Australia
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
source_region
Belgium
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
source_region
Poland
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
source_region
Portugal
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
source_region
Romania
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
source_region
Spain
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
source_region
United Kingdom
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
attribution
FBI
In March 2026, the FBI and law enforcement agents in 14 other countries
took down the LeakBase cybercrime forum
in an international joint operation coordinated by Europol, known as "Operation Leak."
Investigators also executed search warrants, conducted interviews, and made arrests in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.
organisation
IP
The seizure banner also notes that the forum's database and its contents, including private messages and IP logs, will be used as evidence in future investigations.
organisation
RaidForums
"
LeakBase was shut down after law enforcement took down
RaidForums in 2022
and
BreachForums in 2023
, two other major cybercrime marketplaces that preceded it.
organisation
BreachForums
"
LeakBase was shut down after law enforcement took down
RaidForums in 2022
and
BreachForums in 2023
, two other major cybercrime marketplaces that preceded it.
organisation
The Red Report 2026
The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Tactical Metrics
Metrics
victims
147,000
Users
Click for context!
Active for four years, the platform had over 147,000 users who bought, sold, and used the data for fraud.
Metrics
data_breach
142,000
Members
LeakBase surfaced in 2021 as a project supported by the ARES threat group, gradually growing its user base to over 142,000 members after the
Breached hacker forum
shut down in March 2023.
Intelligence Sources
Security Affairs
2026-03-26
BleepingComputer
2026-03-26
Russia arrests suspected owner of LeakBase cybercrime forum
BleepingComputer
Unpublish from Social Media?
Are you sure you want to delete this podcast video from all synchronized social networks (YouTube, Facebook, Threads)?
Important:
Due to Meta API restrictions, Instagram Reels cannot be deleted automatically via API by third-party apps.
View Profile to Delete Manually
View Profile to Delete Manually
Tactical Intelligence
Report Intelligence Issue
Podcast Options
Generate
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T11:39
Comprehensive Tactical Telemetry
Highly Correlated Entities
12x
organisation
Identified Entity
TASS
entity
9x
source region
Origin Country
Russian Federation
country
8x
timeline
Temporal Reference
2021
date
7x
attribution
Attributing Entity
LeakBase
authority
2x
tactic
Cyber Operation Type
Phishing
tactic
2x
general metric
Interventions
100
interventions
Contextual Telemetry
Context Block
9 METRICS
target region
Target Country
Russian Federation
country
campaign
Campaign
Operation Leak
operation
general metric
Countries
14
countries
victims
Users
147,000
users
data breach
Members
142,000
members
tactic
MITRE ATT&CK Technique
T1588.001 - Malware
technique
general metric
Red Report
2,026
red report
general metric
Malicious Samples
1,100,000
malicious samples
general metric
Top Techniques
10
top techniques
Click on any entity below to view its context in the main text!
Selective Unpublish
Selecciona las redes de las que quieres eliminar esta publicación. El sistema intentará borrar el post real de la API y limpiará la base de datos para que puedas volver a lanzarlo.
By navigating this website, you accept the use of strictly necessary technical cookies for session security and basic platform functionality. We do not use tracking or advertising cookies.
Read our Privacy Policy.