In this interview we had the pleasure to interview ALPHV Admin (hhxxps[:]//t[.]me/ALPHV_Admin), the founder of the ALPHV forum (hxxps[:]//alphv[.]pro/). Here is the full interview:

Origins and Motivation

1. When was the forum born?

The forum was created in 2011

2. Is the forum name related to the BlackCat/ALPHV ransomware gang or does the name have another origin?

The forum is not affiliated with the ALPHV/BlackCat group. The ALPHV/BlackCat group conducted an exit scam for $22 million. Initially, our forum was called Alphazine, but we adopted the name ALPHV since the original group no longer exists, and we are now the new group under this name.

3. What inspired you to create the ALPHV forum?

The creation of ALPHV was inspired by the “vacant” name at the time (joke). The forum underwent a rebranding due to an attack by law enforcement agencies on the primary domain, Alphazine. After weighing all the pros and cons, we decided not to change the forum’s name completely but rather refine it, making it more elegant and appealing.

4. When and how did the idea for the forum come about?

The forum was created in 2011. Like many other forum administrators, I was motivated by the desire to build my own community.

5. How has the forum evolved since its inception?

Initially, on the Alphazine forum, we planned to focus solely on carding – and that’s how it started. However, considering market realities and the people who joined us, we realized that limiting ourselves to carding was not enough.
We expanded our sections to include malware, cryptocurrencies, social networks, and, of course, RANSOMWARE, including RaaS services. The forum rules have been rewritten and updated multiple times, but one rule has always remained unchanged: work in former CIS countries is strictly prohibited – and this rule will never change!

6. Have you ever had any problems with the police?

Within the forum, we have indeed received requests to disclose UA data of certain users (which we simply ignore). We have also received requests from copyright holders or their representatives to remove specific information.
As for our own security – we have never had any issues. We always maintain a high level of protection in all aspects.

Purpose and Philosophy

7. What is the main goal of ALPHV?

The forum aims to actively develop in the field of cybersecurity, as well as knowledge and technology exchange. We are responsible to our users for the security of their data and the quality of the information provided on the forum

8. Do you have any ethical boundaries or rules for the forum?

Like most forums, we have rules and certain restrictions, primarily related to the topic of the forum. We are a forum dedicated to discussing issues in cyberspace. If we encounter users selling weapons or drugs, this is unacceptable for us, and such users are permanently banned, with their topics being removed. We also have the main rule of the forum — NOT to operate in the former CIS countries.

9. How do you moderate discussions and ensure quality content?

Moderation is carried out based on the forum rules or according to the situation. Most violations are reported to us by users, and we respond to them immediately. Regarding content, our team monitors many Western forums and blogs related to similar topics. If we find interesting information, we publish it on our forum. Our users also actively assist with this. In addition, we publish our own materials, especially on topics such 0day exploit, pentest, and malware development.

10. What do you think of recent statements regarding the fact that the US has temporarily suspended offensive cyber operations against Russian targets?

We believe that at the state level, this is positive news. However, for those involved in cybercrime, it is more negative news, as it increases the risk of our citizens being prosecuted for cybercrimes that the state might not have previously investigated.

Relationship with Threat Actors

11. Has ALPHV ever had interactions with known Threat Actors? Have you directly participated in offensive actions?

When it comes to the forum’s interaction with cybercrime groups, for a while, the ALPHV/BlackCat group was active on our forum. They had a banner on the forum and the status of a verified service provider. They also donated some money to support the forum. After they moved to an Exit Scam, we blocked them. Other groups have also visited and continue to visit our forum. We are happy to welcome everyone — welcome!

Regarding our interaction with other RaaS groups, our most active collaboration was with Phobos, GandCrab -> Sodinokiby/Revil, WannaCry, Petya, Conti, and Babuk. We also worked with other groups, but not for long periods. It all started for us in 2015. We are relatively well-known names in cybercrime forums. Of course, for security reasons, we won’t name them, but perhaps one day we will share who we really are on our ALPHV forum.

Yes, of course, we have experience in this area, as managing such a forum requires the necessary knowledge. I will not specify the exact actions we were involved in, but I can say that it was mentioned on Western federal TV channels

12. Have you seen changes in the types of users joining the forum over time?

Definitely. The world is changing, and social networks have significantly altered the user profile. For example, today most users visit forums like social media, and for them, the comfort of the forum and its adaptability to mobile devices are very important — otherwise, they simply won’t stay. This is crucial for new forum administrators: the mobility of the forum is key to attracting an active young audience. Moreover, more and more users, despite the number of crimes they themselves commit, don’t care at all about personal security, using simple tools like VPNs or the Tor browser. Most users visit such forums without any anonymization tools. In the past couple of years, there has also emerged a specific category of users who blatantly use AI to answer others’ questions on forums. The same applies to writing articles with AI. This, of course, is disappointing.

13. Have law enforcement or cybersecurity firms ever reached out to you?

Law enforcement agencies have tried to contact us, but we ignore them. Cybersecurity companies often reach out to us to fix vulnerabilities in their systems, and we also receive inquiries about very serious issues.

14. How do you handle members who engage in illegal activities?

If this activity does NOT violate the ALPHV forum rules, then such individuals are always welcome!

Future and Challenges

15. Regarding NoName057, what is your opinion about them? The common opinion within the Threat Intelligence community is that this group is made up of people with little experience, who do not have the ability to choose their targets well and that therefore the attacks they manage cause little real impact but that they instead exploit the media visibility that the media provides them.

Regarding the NoName057 group, while it is commonly believed that they consist of people with limited experience, it’s worth noting that even groups with lower levels of professionalism can have an impact, especially in the context of current information warfare. Indeed, NoName057 may struggle with choosing their targets or executing complex attacks, but their strategies seem more focused on attracting media attention and creating noise around their actions. This could be part of their goal — to gain visibility and use the media platform to further spread their ideology or create stress and uncertainty among their targets.

Groups with this approach may not cause significant long-term damage, but they can effectively use the media to spread their “agenda.” It’s also important to note that in cyberspace, even attacks with minimal real impact can have strategic significance if they are aimed at creating a negative image, intimidating, or simply distracting from more serious threats.

16. What are your long-term plans for ALPHV?

The main plan of the forum is its quality development and attracting professionals in the field of activity discussed on the forum.

17. Are there any new features or initiatives you’re planning?

Yes, of course, we always keep an eye on our competitors (forums), analyze the market, and select the most suitable features for maximum comfort in using the forum.

18. How do you see the cybersecurity landscape evolving, and how will Alphv adapt?

Undoubtedly, AI will increasingly dominate the cybersecurity field, as it is convenient, cost-effective, and fast — in many, if not all, areas of cybersecurity. We adapt to the political situation and the state of the cybercrime market, both in the present and in the near future.

19. Do you see the forum playing a role in responsible disclosure or cybersecurity research?

The ALPHV forum plays its role in responsible vulnerability disclosure and research in the field of cybersecurity, although our focus lies in more specialized areas such as pentest, malware development, and RaaS. We understand the importance of an ethical approach to vulnerability disclosure and support the responsible exchange of information that helps improve system security. However, our goal is not only to identify vulnerabilities but also to develop skills among cybersecurity professionals, which also involves working with real-world threats and next-generation risks. We always adhere to ethical standards within our community and aim to provide information that enhances knowledge and security without creating risks for innocent users.