Mahmoud Zohdy

Malware Analyst (MEA)

Mahmoud Zohdy is a Malware Research and Threat Intelligence Specialist at Group-IB. With over five years of experience in the cybersecurity industry, he specializes in malware analysis, tracking advanced threat actors, and researching Windows kernel threats.

Before joining Group-IB, Mahmoud held cybersecurity roles at multinational companies, where he contributed to incident response, digital forensics, and security R&D. He has extensive experience in malware research and cyber threat intelligence and has published multiple works on APTs, rootkits, and ransomware.

Blog posts by Mahmoud Zohdy

Advanced Persistent Threats
October 22, 2025
Unmasking MuddyWater’s New Malware Toolkit Driving International Espionage
Group-IB Threat Intelligence has uncovered a sophisticated phishing campaign, attributed with high confidence to the Advanced Persistent Threat (APT) MuddyWater. The attack used a compromised mailbox to distribute the Phoenix backdoor malware to international organizations across the whole Middle East and North Africa region, targeting more than 100 government entities.
Advanced Persistent Threats
September 17, 2025
Tracking MuddyWater in Action: Infrastructure, Malware and Operations during 2025
The blog provides an in-depth look at MuddyWater’s evolution in tooling, targeting, and infrastructure management, suggesting a more mature and capable advanced persistent threat within the META region.
Technologies
July 4, 2025
Exploiting Trust: How Signed Drivers Fuel Modern Kernel Level Attacks on Windows
Discover how attackers leverage Windows Kernel loaders and abuse digitally signed drivers to gain privileged access, disable security tools, and stealthily maintain control — bypassing traditional defenses and enabling advanced threat operations.
Ransomware
April 30, 2025
Ransomware debris: an analysis of the RansomHub operation
This blog on RansomHub provides an overview of how this Ransomware-as-a-Service (RaaS) group operates, including its extortion tactics, affiliate recruitment strategies, and the features of its affiliate panel.
Ransomware
April 2, 2025
The beginning of the end: the story of Hunters International
Learn the technical details of the ransomware and the Storage Software tool, how the criminals use the affiliate panel, and the history of the Hunters International ransomware group from its emergence to the end of the operation.
Ransomware
February 12, 2025
RansomHub Never Sleeps Episode 1: The evolution of modern ransomware
Discover how ransomware has evolved into a sophisticated cyber threat, with groups like RansomHub leading the charge. Learn more about their adaptability, TTPs, and the rise of Ransomware-as-a-Service in this first part of a three-part series.