New Dark Web Forum "Kurd Hacker Forum" Targets Middle Eastern Data Breaches
A recently launched dark web platform, the Kurd Hacker Forum, has quickly gained traction as a hub for alleged data breaches from Iraq, Syria, and Turkey. Registered on January 28, 2026, the forum has amassed over 800 members in less than two weeks, adopting a structure similar to defunct predecessors like BreachForums and RaidForums.
The forum features specialized sections for sharing stolen databases, cracking tools, compromised credentials, malware, and exploits all posted in both English and Kurdish. Among the claimed breaches are sensitive datasets from Turkish, Iraqi, and Syrian government and institutional entities, including:
- Turkey: COVID-19 vaccination records, Turknet customer data, and Aydın Adnan Menderes University databases.
- Iraq: Traffic records, Federal Police data, citizen databases, political prisoner records, and Al-Hashd Al-Shaabi (Popular Mobilization Forces) files.
- Syria: Ministry of Health databases.
The forum’s staff includes four administrators, six super admins, and a single "Cyber Shield" member, with "Dr.Scouser" a prominent super admin identified as a key figure. Despite its rapid growth, the platform’s operational security appears lax, with an accessible admin panel raising concerns about potential law enforcement infiltration.
The emergence of the Kurd Hacker Forum highlights a growing trend of regionally focused cybercriminal activity, with its swift expansion and alleged backing from established threat actors suggesting it could become a major conduit for Middle Eastern data breaches.
Turknet TPRM report: https://www.rankiteo.com/company/turknet
Aydın Adnan Menderes University TPRM report: https://www.rankiteo.com/company/aduteknovasyon
Ministry of Health TPRM report: https://www.rankiteo.com/company/ministry-of-foreign-affairs-turkey
"id": "minturadu1771057525",
"linkid": "ministry-of-foreign-affairs-turkey, turknet, aduteknovasyon",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Telecommunications',
'location': 'Turkey',
'name': 'Turknet',
'type': 'Telecommunications'},
{'industry': 'Education',
'location': 'Turkey',
'name': 'Aydın Adnan Menderes University',
'type': 'Educational Institution'},
{'industry': 'Healthcare/Government',
'location': 'Turkey',
'name': 'Turkish Government (COVID-19 vaccination '
'records)',
'type': 'Government'},
{'industry': 'Law Enforcement',
'location': 'Iraq',
'name': 'Iraqi Federal Police',
'type': 'Government'},
{'industry': 'Defense',
'location': 'Iraq',
'name': 'Al-Hashd Al-Shaabi (Popular Mobilization '
'Forces)',
'type': 'Military/Paramilitary'},
{'industry': 'Government',
'location': 'Iraq',
'name': 'Iraqi Government (Traffic records, citizen '
'databases, political prisoner records)',
'type': 'Government'},
{'industry': 'Healthcare/Government',
'location': 'Syria',
'name': 'Syrian Ministry of Health',
'type': 'Government'}],
'attack_vector': 'Dark Web Forum',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['COVID-19 vaccination records',
'Customer data',
'University databases',
'Traffic records',
'Federal Police data',
'Citizen databases',
'Political prisoner records',
'Military files',
'Health databases']},
'date_detected': '2026-01-28',
'description': 'A recently launched dark web platform, the *Kurd Hacker '
'Forum*, has quickly gained traction as a hub for alleged data '
'breaches from Iraq, Syria, and Turkey. The forum features '
'specialized sections for sharing stolen databases, cracking '
'tools, compromised credentials, malware, and exploits. It has '
'claimed breaches of sensitive datasets from government and '
'institutional entities in Turkey, Iraq, and Syria.',
'impact': {'data_compromised': 'Sensitive government and institutional '
'datasets',
'identity_theft_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': 'Likely'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain, political or regional targeting',
'post_incident_analysis': {'root_causes': 'Lax operational security, regional '
'cybercriminal activity growth'},
'references': [{'source': 'Dark Web Forum Analysis'}],
'threat_actor': 'Kurd Hacker Forum (Dr.Scouser and other administrators)',
'title': 'Emergence of Kurd Hacker Forum Targeting Middle Eastern Data '
'Breaches',
'type': 'Data Breach'}