Nikita Rostovcev Group-IB

Nikita Rostovcev

APAC Technical Head - ASM, TI & DRP

Nikita Rostovtsev is a cybersecurity expert who loves to investigate complex cases, especially those related to attackers' network infrastructure. Nikita joined Group-IB in 2018 and has held a master's degree in cybersecurity since 2019.

Nikita made a major contribution to the development of internal attack prevention tools and has also participated in several cases involving law enforcement officials from different countries. Thanks to his work, the Conti and APT41 reports came to light, and he uncovered new malware delivery methods used by the MuddyWater group. He is also the author of several cybercrime reports, some of which resulted in the deanonymization of the attackers.

Awards and recognitions

GIB STAR challenge coin – For significant achievements, large-scale projects, and developing new lines of business throughout the year.

PR MACHINE challenge coin

OPERA1ER challenge coin – For contributing to the report on the OPERA1ER cybercrime syndicate.

Dragon Shepherd challenge coin

Conti Armada challenge coin – For contributing to the report on the ransomware group Conti.

Operation Lotus challenge coin

Stronghold Defenders achievement coin

Operation Cardbroken challenge coin

Blog posts by Nikita Rostovcev

Threat Intelligence
August 27, 2025
ShadowSilk: A Cross-Border Binary Union for Data Exfiltration
This blog post describes attacks on victims in Central Asia and APAC. Research into the attacks identified a group also known as YoroTrooper. We also identified the attackers' profiles on hacker forums, their malicious web panels, test infections of the attackers' own machines, and screenshots of their desktops.
Threat Landscape Overview
August 7, 2024
Under Siege: The threat of compromised Mobile Device Management credentials and its implications for organizational security
The leakage of credentials for Mobile Device Management (MDM) services could pose significant risks to organizations and their data security.
Threat Intelligence
February 6, 2024
Dead-end job: ResumeLooters infect websites in APAC through SQL injection and XSS attacks
ResumeLooters gang infects websites with XSS scripts and SQL injections to vacuum up job seekers' personal data and CVs
Threat Intelligence
December 14, 2023
Ace in the Hole: exposing GambleForce, an SQL injection gang
Analysis of TTPs tied to GambleForce, which carried out SQL injection attacks against companies in the APAC region
Advanced Persistent Threats
May 17, 2023
The distinctive rattle of APT SideWinder
Bridewell and Group-IB expose the APT's previously unknown infrastructure
Threat Intelligence
April 18, 2023
SimpleHarm: Tracking MuddyWater’s infrastructure
Group-IB analysts discovered the new MuddyWater infrastructure while researching the pro-state group’s use of the legitimate SimpleHelp tool.
Advanced Persistent Threats
August 18, 2022
APT41 World Tour 2021 on a tight schedule
4 malicious campaigns, 13 confirmed victims, and a new wave of Cobalt Strike infections
Threat Intelligence
June 16, 2022
“We find many things that others do not even see”
Nikita Rostovtsev on current cyber threats and his profession
Advanced Persistent Threats
June 1, 2022
SideWinder.AntiBot.Script
APT SideWinder’s new tool that narrows their reach to Pakistan
Threat Intelligence
August 5, 2021
Prometheus TDS
The key to success for Campo Loader, Hancitor, IcedID, and QBot
Advanced Persistent Threats
June 10, 2021
Big airline heist
APT41 likely behind a third-party attack on Air India
Threat Intelligence
June 3, 2021
FontPack: A dangerous update
Attribution secrets: Who is behind stealing credentials and bank card data by asking to install fake Flash Player, browser or font updates?
Threat Intelligence
December 7, 2020
The footprints of Raccoon
A story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer
Threat Intelligence
May 29, 2019
Catching fish in muddy waters
How the hacker group MuddyWater attacked a Turkish manufacturer of military electronics