April 18, 2024
Imagine logging on to your favorite e-commerce site, finding your favorite author’s newest book for sale, making the purchase, and then… nothing. Your payment has been taken but no book ever arrives in a neat package on your doorstep. Then when you try to contact customer support, they have vanished too!
Tough luck, you think, but luckily there are other sites I can use. Yet when you try to access other e-commerce platforms, they all seem to be down.
Something is going on.
You do some digging online and check with other users who have experienced the same issues, and soon you know exactly who to blame for all the inconvenience: your favorite site that failed to deliver the book!
Not only have they taken your money, but they are also responsible for taking down the other sites you tried. What gives?
Now imagine that your favorite online store is actually the dark web marketplace, Apollon, the book you wanted to buy is some illicit product or service, and the other e-commerce platforms you try are in fact Apollon’s competitor sites. The above scenario then becomes exactly what many users in the dark web community have experienced over the past couple of months.
Since late January 2020, Apollon has allegedly been conducting an “exit scam” while carrying out an extensive Distributed Denial-of-Service (DDoS) campaign targeting several prominent English-language forums and marketplaces. Exit scamming—running away with all of the users’ money deposited into a cybercriminal site—is quite common on the dark web market scene, but targeting a number of dark web forums and marketplaces in an extensive DDoS campaign at the same time is very unusual behavior for marketplace administrators.
This new tactic did not go unnoticed and created a stir in the community. What was really going on? The immediate response from many has been to complain loudly, then simply abandon Apollon (cybercriminals don’t like being the victims of deception apparently… ironic, some may say…).
So, is this soap opera-worthy double hoax going to be the season finale for Apollon? Probably not…
According to a user on the cybercriminal forum Torum, Apollon began the exit scam process on the 26th of January 2020. Although the exact date of the exit scam’s beginning cannot be confirmed, it was around this time that various comments and threads emerged on several forums (including Torum, Reddit, and Reddit’s darker cousin Dread) stating that Apollon was indeed exit scamming.
One Dread user gave an early warning of the Apollon exit scam on the 28th of January, indicating that vendors had been locked out of their accounts and the ability to withdraw funds from the market had been disabled, although customers could still log in and deposit funds without issue. Similar comments soon followed: users shared their experience of losing money and access, the Torum administrators added a banner on their forum warning about the exit scam, and the owner of Kilos, the dark web search engine, announced that they would be delisting Apollon from Kilos’ index.
At the same time, the cybercriminal community experienced two waves of DDoS attacks. The first wave was advertised on Torum by user “42W242W2”, who indicated that the dark web services The Hub, Envoy, and Apollon would be offline throughout the day. However, it later transpired that although both The Hub and Envoy were indeed inaccessible, the third site affected was Empire marketplace rather than Apollon, which remained unaffected.
The second wave of DDoS attacks occurred not long after. However, this time the impact was much wider, and the attacks affected even more forums and marketplaces simultaneously, including Torum, Empire, Dread, DarkBay, DarkMarket, Avaris Market, Envoy, The Hub, Avengers, and possibly other unreported platforms. (Incidentally, most of the affected sites were listed on the dark web repository service ‘Dark Fail’… coincidence?) Several of these platforms experienced downtime but some, like Torum and Dread, reacted quickly and provided mirror links or additional security measures so that users could access the forum as normal.
Dread prompting users to complete a CAPTCHA task due to “on-going DDOS attacks”
Chatter soon emerged claiming that Apollon, which remained unaffected during both DDoS waves, was in fact behind the ongoing DDoS attacks. Allegations started flying in all directions, turning the incident into a tale of he-said-she-said, with twists and turns that could compete against the most ardent soap opera plot on TV.
There are three possible motivations, or a combination of them, that could have led the Apollon administrators to conduct an exit scam and DDoS attacks at the same time, if the rumors are true.
There have been no official announcements from the Apollon administration team to counter or confirm any of the above claims. However, a user purporting to be an Apollon moderator commented on Dread that the Apollon administrators orchestrated the entire operation themselves, keeping the remaining Apollon staff and affiliated users in the dark. All members of the Apollon moderation team allegedly lost their privileges, just like all other Apollon users, but so far no other Apollon-affiliated users have confirmed or denied this allegation.
Alleged Apollon moderator claiming their innocence
The purported Apollon moderator made further comments on Dread, stating that the DDoS attacks were in fact conducted by a user called “gustav” and not the Apollon market staff as suggested. This was quickly dismissed with a counterclaim by another Dread user, who alleged that Apollon was in fact paying “gustav” for daily attacks, and that “gustav” had allegedly admitted to this. Procuring DDoS-as-a-Service is not uncommon in the cybercriminal underground, but no further information could be sourced to validate these claims, and “gustav” remains a ghost in the dark for the time being.
Claims of Apollon paying “gustav” for DDoS services
With so many allegations against Apollon swirling within the community, you would almost expect Apollon to pack its bags and disappear, repeating the life cycle of so many of its predecessors, such as Evolution and Berlusconi. However, the actual “exit” has not yet happened. At the time of writing, Apollon is still online, and as recently as 03 Mar 2020 a Dread user indicated that Apollon was still exit scamming and stealing users’ deposits. Furthermore, Dread still displays a warning stating that “due to ongoing DDOS attacks” users are prompted to solve a CAPTCHA task in order to access the site, though this does not confirm whether the alleged DDoS attacks from Apollon are still ongoing.
The Apollon exit scam story with a DDoS twist appears to leave us with a cliffhanger for now.
Will they bail out?
Will the administrators simply abandon and leave the marketplace to languish?
Or will Apollon live on and redeem itself as one of the most popular marketplaces in the dark web community?
Apollon will likely continue to exit scam and live on as long as unknowing users keep using the market and depositing funds. We have seen it before with Empire Market. Empire has been known for its controversies in the past, yet it still lives on and recently hit its 1 millionth member mark.
Marketplaces remain a popular resource for cybercriminals, and as long as there is demand, there will always be another platform ready to supply the community’s needs.
The behavior of the Apollon administrators is not likely to change this trend and, as very eloquently put by a Dread user, “No ones scared off by exit scams. We just move on. [sic]”