From Insikt Group:
New findings strongly suggest that the individual behind tessa88 may be Maksim Donakov of Penza, Russia, who operated under multiple different monikers on the dark web. It is possible that a second unknown individual was assisting Donakov in maintaining the tessa88 account, adhering to impeccable OPSEC procedures and until this day remaining anonymous. In either scenario, we firmly believe that Donakov Maksim has directly benefited from the sales of compromised databases and should be viewed as the main actor.
- tessa88’s criminal career likely began as early as 2012, before the breaches of LinkedIn, Dropbox, Yahoo, and others that were accredited to them. They likely created the alias tessa88 specifically to sell high-profile databases.
- Our analysis, based on discovered images of the real individual hiding behind the moniker tessa88 and underground forum discussions, allows us to assess with a high degree of confidence that tessa88 is a man and not a woman.
- Our analysis reveals that the moniker tessa88 is tied to aliases Paranoy777, Daykalif, and tarakan72511. All share similar social media photos that are nearly identical to a passport photo of Maksim Donakov, who is the individual behind Paranoy777.
- Our research suggests that Donakov, Maksim Vladimirovich (Донаков, Максим Владимирович), is a resident of the Russian Federation.
Read more of their analysis and attribution on Recorded Future.