successful incident investigations in Russia and Europe
of all high-profile investigation cases in the field of high-tech crime in Russia are supported by Group-IB experts
was returned to a client company as the result of our investigation
DDoS attack investigation in Russia was conducted by Group-IB specialists in 2009
Any illegal action where a computer or digital media was used as an instrument of crime can be investigated by our specialists. We identify the mechanisms, recreate the sequence of events, and collect digital evidence, all leading us to the perpetrators of the crime to help bring them to justice.
The main goal of our investigation is to bring the perpetrators to justice. If necessary, we will continue to be involved in the case until a sentence is carried out, by consulting with lawyers, investigation officers, or providing testimony in court.
From our criminal investigative experience, we have deep knowledge of criminal schemes ranging from recruiting insiders and developing malicious programs to withdrawing and cashing out money, which enables us to immobilize the attackers before the businesses suffer major damage.
Each investigation is conducted by a special project team of experts. The data collection, search and analysis are performed by our specialists in the following areas:
Cyber intelligence analysis provided by Group-IB’s Intelligence system, a network of honeypots HoneyNet, and innovative products developed by Group-IB enable us to see the complete picture of an incident, which is inaccessible to our competitors.
We leverage close cooperation with international law enforcement agencies to get the criminals, wherever they hide. On June 17, 2015 Europol’s European Cybercrime Centre (EC3) signed an MoU with Group-IB in order to establish cooperation in fighting cybercrime.
We are proud of our close cooperation with Interpol. During one of our recent joint operations, Group-IB contributed to a series of actions as part of an international police operation to disrupt the Dorkbot botnet server, which was responsible for spreading malware designed to steal victims’ credentials for their online banking services.
Our clients can rely on our expert investigation as well as prompt assistance: CERT-GIB will help deal with the consequences of the incident while the Audit Department will protect your system from future attacks.
Asset and intellectual property misappropriation, product counterfeiting, etc.
Espionage, raiding, commercial data breach and other abuse
Money theft, illegal use of brand and other crimes
Group-IB’s Lab has more than ten years of experience collecting and preserving digital evidence. We know what and how to search for on any data storage device, even if the data has been removed, hidden or encrypted.
We apply the most advanced equipment, software, and well-known Russian and foreign cyber forensic products to identify and collect evidence.
We use a set of mobile forensic tools to carry out a scene inspection and perform investigation activities, which enables us to collect evidence without affecting data integrity (preserving the data carrier in the evidence base) and conduct express on-site investigation.
In addition to the information itself, the forensic analyst needs to know the history of data creation, access and use. We have developed innovative solutions which enable us to recreate criminal events second-by-second and discover malicious files which antivirus cannot detect.
Malicious programs are analyzed by our special virus analysis division, whose primary function is to detect and preserve trails which lead to developers and operators of the attack.
Synergy of Group-IB forensic specialists and virus analysts’ activity provides prompt, complete and, most importantly, high-quality investigation.
Our high-quality expertise has gained the confidence of corporate clients and international law enforcement agencies.
Group-IB’s Lab is the only laboratory in Russia whose specialists are certified by GIAC in Digital Forensics and Malware Analysis. Our expert results are guaranteed to be accepted as evidence in both Russian and foreign courts.
The group infected more than 1 mln Android devices with the Cron Trojan that stealthily transferred money from users’ bank accounts to accounts controlled by the criminals.
Total damage from Cron's activity amounted to approximately $800 000.
All (more than 20) gang members have been arrested.
The group tried to steal about $1bln from the Central Bank of Bangladesh by exploiting weaknesses in the bank's security and compromised several Polish banks.
Group-IB research cemented the group’s connection to North Korea by providing a full analysis of all of Lazarus’ infrastructure and ultimate attribution.
The group developed platforms to spread malicious programs. Up to 40% of infections worldwide were conducted using their products on the Internet.
The group leader was arrested and sentenced to prison.
The hacker was involved in DDoS attacks against Tinkoff Bank, Alfa-Bank, Promsvyazbank, Kaspersky Lab and large Internet portals. He is known to have demanded payment to stop further attacks.
Found guilty under Russian legislation.
The group created a botnet designed to conduct paid DDoS attacks. Hackers targeted several British and Russian companies, including one of the top 10 largest Russian banks.
The group leader has been arrested.
The largest criminal gang in Russia managed to infect over 1.5 million computers and steal approximately $250 million from Russian bank accounts.
The first case in Russia in which all members of the criminal group were arrested; the leaders were sentenced to 5 and 7 years in prison respectively.
One of the oldest Russian hacker gangs is known to have stolen approximately 125 million rubles from Russian bank accounts.
All members of the criminal group have been arrested, even though they are known to have used control servers located abroad — in the Netherlands, Germany, France and the USA. Legal proceedings have been launched against the criminals.
The largest botnet in Russia is known to have infected 4.5 million computers. The volume of fraud is estimated at more than 150 million rubles.
The leader of the group which conducted crimes in several countries has been arrested.
The group created the first Russian botnet designed to steal money from personal bank accounts. The criminal conducted attacks against bank clients using counterfeit SIM cards.
The investigation has resulted in the prevention of fraud amounting to 1 billion rubles. The criminal group leader has been arrested.
The first members of a criminal group to be arrested for money theft conducted using malicious mobile apps in Russia.
The investigation is ongoing.