Pongo

Pongo is a threat actor identified in the cybersecurity world for its malicious activities. The persona "Pongo" first came to light in 2023 when it was discovered as an active participant on Breach Forums, an English-language dark web forum known for illicit activities. Pongo, however, distinguished itself from other threat actors by openly admitting its fraudulent operations rather than maintaining anonymity or denying involvement. On March 2nd, Pongo issued a statement revealing the group's true nature and activities. Contrary to earlier speculations, Pongo clarified that they were not a Ransomware as a Service (RaaS) operation but self-proclaimed "professional fraudsters." They claimed to have successfully executed multiple scams, including extracting $16,000 from individuals paying for access to a non-existent ransomware called Mogilevich, $7,000 from people believing they were purchasing stolen cryptocurrency accounts, and a significant $85,000 from an individual who thought they were buying sensitive exfiltrated data. In a surprising move, Pongo didn't just confess their fraudulent activities but also provided insights into their scamming process. When questioned about the reason behind this revelation, Pongo stated that it was done to illustrate their scam's mechanics. They further described themselves not as hackers, but as "criminal geniuses." This open admission and detailed explanation of their operations reflect a unique approach among threat actors, which typically operate covertly. Such transparency underscores the evolving dynamics within the cybercrime landscape.