https://www.group-ib.com/blog/ Exponentiate your cybersecurity expertise and stay up to date with the latest cyber threat trends covered in our blog. Thu, 23 Apr 2026 18:36:00 hourly 1 https://www.group-ib.com/blog/french-fintech-mule-accounts/ How corporate/retail accounts are exploited for financial fraud through sophisticated device fingerprinting and mule networks. Wed, 22 Apr 2026 06:53:46 https://www.group-ib.com/blog/french-fintech-mule-accounts/ https://www.group-ib.com/blog/w3ll-phishing-ecosystem-takedown/ The takedown of a global phishing-as-a-service ecosystem Thu, 16 Apr 2026 06:56:10 https://www.group-ib.com/blog/w3ll-phishing-ecosystem-takedown/ https://www.group-ib.com/blog/seven-cyber-signals-first-paris-2026/ Group-IB hosted the FIRST Technical Colloquium in Paris, where cybersecurity experts challenged assumptions around modern cyber defense. FIRST Chair Olivier Caleff opened and moderated the event. Thu, 09 Apr 2026 09:25:15 https://www.group-ib.com/blog/seven-cyber-signals-first-paris-2026/ https://www.group-ib.com/blog/behavioral-analytics-cybersecurity/ Attackers count on static defenses. Switch to advanced behavioral analytics to spot abnormal behavior while its still unfolding and protect your environment. Thu, 09 Apr 2026 08:16:00 https://www.group-ib.com/blog/behavioral-analytics-cybersecurity/ https://www.group-ib.com/blog/dprk-fake-remote-developers/ Discover how North Korean threat actors use synthetic identities, AI-assisted workflows, and overlapping infrastructure to infiltrate companies, and learn actionable strategies to mitigate this insider threat. Wed, 08 Apr 2026 07:30:00 https://www.group-ib.com/blog/dprk-fake-remote-developers/ https://www.group-ib.com/blog/phisles-phishing-banks-philippines/ Group-IB researchers uncover an ongoing phishing campaign targeting major banks in the Philippines. This blog details how threat actors abuse trusted and legitimate platforms to deceive users and evade detection. It highlights a significant threat escalation with the successful hijacking of a legitimate domain to host malicious infrastructure, enabling threat actors to operate with even greater credibility and reduced detection. Wed, 01 Apr 2026 10:32:35 https://www.group-ib.com/blog/phisles-phishing-banks-philippines/ https://www.group-ib.com/blog/phantom-stealer-credential-theft/ Group-IB shows how Business Email Protection blocked Phantom Stealer phishing emails across different campaign waves. Tue, 31 Mar 2026 06:56:08 https://www.group-ib.com/blog/phantom-stealer-credential-theft/ https://www.group-ib.com/blog/beyond-compliance-fraud-sharing-privacy/ Global regulators are mandating fraud intelligence sharing. Learn how financial institutions can collaborate in real-time while maintaining privacy compliance through Distributed Tokenization. Mon, 30 Mar 2026 15:25:57 https://www.group-ib.com/blog/beyond-compliance-fraud-sharing-privacy/ https://www.group-ib.com/blog/cybersecurity-strategy-planning-2026/ Is your cybersecurity truly built to withstand today’s nuanced threats or is it just living on paper? Find out more. Mon, 30 Mar 2026 08:20:46 https://www.group-ib.com/blog/cybersecurity-strategy-planning-2026/ https://www.group-ib.com/blog/gtfire-phishing-scheme-es/ Cómo GTFire abusa de Google Firebase y Google Translate para escalar campañas globales de phishing Wed, 25 Mar 2026 12:13:42 https://www.group-ib.com/blog/gtfire-phishing-scheme-es/ https://www.group-ib.com/blog/cloud-phones-invisible-threat/ Tracing the evolution of cloud phone technology from harmless social media engagement automation to industrial-scale financial fraud that’s invisible to modern detection systems. Wed, 25 Mar 2026 07:09:44 https://www.group-ib.com/blog/cloud-phones-invisible-threat/ https://www.group-ib.com/blog/hastalamuerte-gentlemen-raas-ttps/ The report provides an overview on tactics, techniques, and procedures (TTPs) of The Gentlemen observed by Group-IB in intrusions conducted by its affiliates, as well as relevant information about the group's capabilities collected from underground private sources. Thu, 19 Mar 2026 07:09:19 https://www.group-ib.com/blog/hastalamuerte-gentlemen-raas-ttps/ https://www.group-ib.com/blog/mea-shipment-tracking-scam/ Did you really lose your shipment on the way? Fri, 13 Mar 2026 16:18:47 https://www.group-ib.com/blog/mea-shipment-tracking-scam/ https://www.group-ib.com/blog/supply-chain-attack-groups-2026/ Who's attacking your vendors? Read about the six main supply chain attack groups who are driving SaaS, open-source, and MSP compromise in 2026. Learn how npm supply chain attacks threaten your security today, based on threat intelligence collected by Group-IB. Fri, 13 Mar 2026 10:55:43 https://www.group-ib.com/blog/supply-chain-attack-groups-2026/ https://www.group-ib.com/blog/gtfire-phishing-scheme/ How GTFire abuses Google Firebase and Google Translate to scale global phishing campaigns Thu, 26 Feb 2026 07:55:28 https://www.group-ib.com/blog/gtfire-phishing-scheme/ https://www.group-ib.com/blog/muddywater-operation-olalampo/ MuddyWater APT has launched a new cyber offensive operation, dubbed Operation Olalampo, deploying new malware variants and leveraging Telegram bots for command-and-control. Analysis of the campaign provides a glimpse into the group’s post-exploitation tactics, which largely align with their historical operations. Fri, 20 Feb 2026 10:09:20 https://www.group-ib.com/blog/muddywater-operation-olalampo/ https://www.group-ib.com/blog/indonesia-tax-impersonation-goldfactory-malware/ It’s tax season in Indonesia and fraudsters are observed to be ramping up the fraud campaign involving fake Coretax apps, but behind it lies an industrialized MaaS infrastructure ready to strike anywhere. Thu, 19 Feb 2026 10:29:34 https://www.group-ib.com/blog/indonesia-tax-impersonation-goldfactory-malware/ https://www.group-ib.com/blog/new-shadowsyndicate-infrastructure/ ShadowSyndicate levels up by developing new tactics, establishing additional SSH fingerprints and involving more servers. Wed, 04 Feb 2026 07:11:24 https://www.group-ib.com/blog/new-shadowsyndicate-infrastructure/ https://www.group-ib.com/blog/xai-cybersecurity/ AI knows everything, but should we trust it blindly? Here’s where XAI becomes important, by helping to keep AI in check and maintaining transparency, trust, and a true risk picture in cybersecurity. Tue, 03 Feb 2026 06:01:31 https://www.group-ib.com/blog/xai-cybersecurity/ https://www.group-ib.com/blog/multicloud-cspm-security/ Reconfigure multi-cloud security with the newly launched Group-IB Cloud Security Posture Management (CSPM) Tue, 27 Jan 2026 09:37:18 https://www.group-ib.com/blog/multicloud-cspm-security/ https://www.group-ib.com/blog/peru-digital-loan-scam/ A deep dive into loan phishing scams in Peru and Latin America. Discover how scammers lure victims with fake loan offers, harvest sensitive banking credentials, and leverage advanced scripts to maximize fraud at scale. Wed, 21 Jan 2026 06:56:48 https://www.group-ib.com/blog/peru-digital-loan-scam/ https://www.group-ib.com/blog/ai-security-risks/ Tue, 20 Jan 2026 06:27:04 https://www.group-ib.com/blog/ai-security-risks/ https://www.group-ib.com/blog/phishing-email-security/ Tue, 20 Jan 2026 06:12:09 https://www.group-ib.com/blog/phishing-email-security/ https://www.group-ib.com/blog/examples-of-ai-in-cybersecurity/ Tue, 20 Jan 2026 05:59:02 https://www.group-ib.com/blog/examples-of-ai-in-cybersecurity/ https://www.group-ib.com/blog/deadlock-ransomware-polygon-smart-contracts/ This blog uncovers DeadLock’s stealthy usage of Polygon smart contracts for proxy address storage, a poorly-documented and under-reported technique that Group-IB analysts have observed increased usage in the wild. Variants of this technique are very wide and offer great alternatives to threat actors for bypassing traditional defenses by abusing decentralized blockchains available worldwide. Thu, 15 Jan 2026 06:07:08 https://www.group-ib.com/blog/deadlock-ransomware-polygon-smart-contracts/ https://www.group-ib.com/blog/ghost-tapped-chinese-malware/ Group-IB researchers detail the inner workings of Chinese tap-to-pay schemes on Telegram and examine the NFC-enabled Android apps fraudsters are using to steal money from victim’s bank cards and mobile wallets remotely. Wed, 07 Jan 2026 07:00:34 https://www.group-ib.com/blog/ghost-tapped-chinese-malware/ https://www.group-ib.com/blog/docusign-impersonation-logokit/ Learn how Group-IB’s Business Email Protection stops the growing wave of DocuSign impersonation before users are exposed, and protects them from credential-capturing websites built with real-time customizable LogoKit. Mon, 05 Jan 2026 08:15:36 https://www.group-ib.com/blog/docusign-impersonation-logokit/ https://www.group-ib.com/blog/online-job-scams-mena/ Fake online job ads continue to circulate across social media, especially in Arab countries, offering easy remote work and quick income. The sinister goal: to harvest sensitive information, from ID documents to banking details. This blog explains how the scheme operates, who the scammers target, and how to prevent falling victim to it. Wed, 24 Dec 2025 07:04:32 https://www.group-ib.com/blog/online-job-scams-mena/ https://www.group-ib.com/blog/mobile-malware-uzbekistan/ Group-IB analyzes the evolution of Android malware in Uzbekistan, revealing advanced droppers, encrypted payload delivery, anti-analysis techniques, and Wonderland’s bidirectional SMS-stealing capabilities driving large-scale financial fraud. Fri, 19 Dec 2025 07:53:15 https://www.group-ib.com/blog/mobile-malware-uzbekistan/ https://www.group-ib.com/blog/ai-cybersecurity-guide-2025/ AI in cybersecurity is changing the threat landscape faster than ever. Stay current and prepared with Group-IB. Fri, 12 Dec 2025 08:22:21 https://www.group-ib.com/blog/ai-cybersecurity-guide-2025/ https://www.group-ib.com/blog/credit-fraud-in-uzbekistan/ Comprehensive insights into Uzbekistan’s credit fraud trends, the methods used by fraudsters, and the practical security controls financial institutions are fighting back with. Thu, 11 Dec 2025 07:32:17 https://www.group-ib.com/blog/credit-fraud-in-uzbekistan/ https://www.group-ib.com/blog/cyber-predictions-2026/ Stranger things are happening in the upside-down world of cybercrime. Group-IB’s CEO, Dmitry Volkov, shares his cyber predictions for 2026 — what’s coming next, and what we must collectively fight against. Wed, 10 Dec 2025 07:45:51 https://www.group-ib.com/blog/cyber-predictions-2026/ https://www.group-ib.com/blog/turning-apps-into-gold/ A deep dive into GoldFactory’s evolving mobile fraud campaigns across APAC, including modified banking apps, new malware variants such as Gigaflower, shared criminal infrastructure, and insights from the Group-IB Fraud Matrix, with recommendations for organizations and end users. Wed, 03 Dec 2025 06:59:15 https://www.group-ib.com/blog/turning-apps-into-gold/ https://www.group-ib.com/blog/app-fraud-prevention/ Discover how real-time fraud intelligence sharing prevents APP fraud before losses. Stop mule accounts already during warm-up with GDPR-compliant technology. Tue, 02 Dec 2025 03:40:24 https://www.group-ib.com/blog/app-fraud-prevention/ https://www.group-ib.com/blog/bloody-wolf/ Since late June 2025, Group-IB analysts observed a surge in spear-phishing emails across Central Asia. The attackers impersonate government agencies to gain the trust of their victims. This blog describes the techniques, tools and ongoing activity of the threat group known as Bloody Wolf. Wed, 26 Nov 2025 08:22:56 https://www.group-ib.com/blog/bloody-wolf/ https://www.group-ib.com/blog/uncover-phishing-italy/ Group-IB researchers uncovered a professional phishing framework that mimics trusted brands with remarkable precision. Using layered evasion, CAPTCHA filtering, and Telegram-based data exfiltration, attackers harvest credentials and bypass automated detection. The findings highlight how phishing-as-a-service operations are scaling through automation, lowering technical barriers for cybercriminals, and industrializing one of the oldest yet most effective forms of digital fraud. Thu, 13 Nov 2025 07:09:17 https://www.group-ib.com/blog/uncover-phishing-italy/ https://www.group-ib.com/blog/ghosts-in-proc/ Discover how attackers could manipulate the Linux /proc filesystem to hide malicious processes and distort forensic timelines. This technical deep dive highlights examples of command-line substitution and start time corruption, and offers detection and defense strategies for incident responders and security analysts. Wed, 05 Nov 2025 06:57:34 https://www.group-ib.com/blog/ghosts-in-proc/ https://www.group-ib.com/blog/detect-npm-supply-chain-attack/ Discover how Group-IB’s Business Email Protection (BEP) could prevent an NPM supply chain compromise by detecting the initial phishing email that led to the developer’s infection. Fri, 31 Oct 2025 07:30:48 https://www.group-ib.com/blog/detect-npm-supply-chain-attack/ https://www.group-ib.com/blog/illusion-wealth-investment-scams/ This blog details online investment scam campaigns, including fraudulent cryptocurrency, forex, and trading platforms, while offering a technical investigation guide for investigators, based on Group-IB’s technical investigation methodology. It outlines the social engineering tactics and victim manipulation models employed, describes the fraud actor structures behind these schemes, and highlights key infrastructure artifacts identified by Group-IB High-Tech Investigations analysts that can be leveraged by cybersecurity professionals for detection and disruption. Tue, 28 Oct 2025 09:06:32 https://www.group-ib.com/blog/illusion-wealth-investment-scams/ https://www.group-ib.com/blog/muddywater-espionage/ Group-IB Threat Intelligence has uncovered a sophisticated phishing campaign, attributed with high confidence to the Advanced Persistent Threat (APT) MuddyWater. The attack used a compromised mailbox to distribute Phoenix backdoor malware to international organizations and across the whole Middle East and North Africa region, targeting more than 100 government entities. Wed, 22 Oct 2025 07:01:54 https://www.group-ib.com/blog/muddywater-espionage/ https://www.group-ib.com/blog/immediate-era-fraud-singapore/ Group-IB’s Threat Intelligence Report on a Singapore-Targeted Scam Operation Tue, 21 Oct 2025 06:56:31 https://www.group-ib.com/blog/immediate-era-fraud-singapore/ https://www.group-ib.com/blog/east-west-ndr/ Most NDR deployments focus on perimeter traffic. Meanwhile, attackers move laterally inside networks. Here’s why east-west visibility is the blind spot that defines today’s biggest breaches. Fri, 17 Oct 2025 07:46:08 https://www.group-ib.com/blog/east-west-ndr/ https://www.group-ib.com/blog/payment-fraud-defense/ Group-IB’s Suspicious Payment Details module for Threat Intelligence delivers payment identifiers tied to ransomware, illegal casinos, and laundering schemes. Fraud, AML, and compliance teams can now stop money from reaching criminal infrastructure. Wed, 15 Oct 2025 07:37:31 https://www.group-ib.com/blog/payment-fraud-defense/ https://www.group-ib.com/blog/cybersecurity-newsletters/ Your inbox deserves better than spam. Here are 7 cybersecurity newsletters that actually inform and make you a little smarter each week. Wed, 08 Oct 2025 04:01:00 https://www.group-ib.com/blog/cybersecurity-newsletters/ https://www.group-ib.com/blog/muddywater-infrastructure-malware/ The blog provides an in-depth look at MuddyWater’s evolution in tooling, targeting, and infrastructure management, suggesting a more mature and capable advanced persistent threat within the META region. Wed, 17 Sep 2025 07:48:15 https://www.group-ib.com/blog/muddywater-infrastructure-malware/ https://www.group-ib.com/blog/cybersecurity-podcasts/ Fri, 05 Sep 2025 08:31:25 https://www.group-ib.com/blog/cybersecurity-podcasts/ https://www.group-ib.com/blog/ai-cybercrime-usecases/ AI in cybercrime is evolving fast, fueling AI phishing attacks, AI scam calls, AI voice cloning scams, and even AI deepfake scams. From Dark LLMs to next-gen AI phishing tactics, we break down how criminals exploit AI today and what you can do to stay protected. Wed, 03 Sep 2025 07:49:47 https://www.group-ib.com/blog/ai-cybercrime-usecases/ https://www.group-ib.com/blog/shadowsilk/ This blog describes attacks on victims in Central Asia and APAC. Research into the attack has identified a group also called YoroTrooper. We also identified profiles of attackers on hacker forums, their malicious web-panels, test infections of attackers' own machines, and screenshots of attackers' desktops. Wed, 27 Aug 2025 07:50:22 https://www.group-ib.com/blog/shadowsilk/ https://www.group-ib.com/blog/how-email-threats-hide-behind-your-partners/ The most widely used email security tools still focus on yesterday’s threats. Meanwhile, attackers have moved on. By hijacking legitimate business relationships and embedding infostealers in familiar-sounding, well-written emails, cybercriminals bypass conventional defenses. The only way to keep up is by using a behavioral approach. Mon, 25 Aug 2025 09:04:14 https://www.group-ib.com/blog/how-email-threats-hide-behind-your-partners/ https://www.group-ib.com/blog/evolving-mule-tactics/ Discover how mule operators evolved in META-region banks—from IP masking to Starlink tactics with advanced GPS spoofing, SIM abuse, and device muling—and how layered fraud detection strategies fought back. Wed, 20 Aug 2025 06:44:53 https://www.group-ib.com/blog/evolving-mule-tactics/ https://www.group-ib.com/blog/exposing-investment-scams/ Discover how AI trading scams and deepfake scam videos fuel fake trading platforms. Discover how to spot investment scam signals and avoid online trading scams. Wed, 13 Aug 2025 06:58:28 https://www.group-ib.com/blog/exposing-investment-scams/ https://www.group-ib.com/blog/voice-deepfake-scams/ Discover how AI voice deepfake vishing exploits trust, drains millions, and learn practical steps to detect and stop voice‑based scams. Wed, 06 Aug 2025 07:32:43 https://www.group-ib.com/blog/voice-deepfake-scams/ https://www.group-ib.com/blog/unc2891-bank-heist/ Deep dive into UNC2891’s multi‑stage bank intrusion: Raspberry Pi ATM implant, bind mount evasion, Dynamic DNS C2, and a CAKETAP move toward HSM manipulation. Wed, 30 Jul 2025 07:46:37 https://www.group-ib.com/blog/unc2891-bank-heist/ https://www.group-ib.com/blog/predictive-ai/ Think threat actors are unpredictable? The rise of intelligence-driven defense and the push for incident predictions might just give us the edge to know their next moves…long before they make it. Fri, 25 Jul 2025 07:51:26 https://www.group-ib.com/blog/predictive-ai/ https://www.group-ib.com/blog/pdf-tampering/ Uncovering the validity of a PDF by utilizing some of the tools and methods to detect changes made to a PDF, and understand the limitations in proving PDF integrity. Wed, 23 Jul 2025 07:48:05 https://www.group-ib.com/blog/pdf-tampering/ https://www.group-ib.com/blog/bioconfirm-security/ Enable real-time, token-based account security that stops withdrawal fraud before your brand, players, and their revenue are compromised. Tue, 22 Jul 2025 09:45:36 https://www.group-ib.com/blog/bioconfirm-security/ https://www.group-ib.com/blog/fake-receipts-generators/ Scammers are using tools like MaisonReceipts to create fake receipts and exploit brands. Uncover how this growing fraud ecosystem works behind the scenes. Thu, 17 Jul 2025 06:27:53 https://www.group-ib.com/blog/fake-receipts-generators/ https://www.group-ib.com/blog/combolists-ulp-darkweb/ The blog is dedicated to the analysis of combolist and URL-Login-Password (ULP) files published on the dark web and establishing the reasons why they are mostly a secondary or untrustworthy source of compromising any data Tue, 08 Jul 2025 08:07:55 https://www.group-ib.com/blog/combolists-ulp-darkweb/ https://www.group-ib.com/blog/bioconfirm/ Introducing BioConfirm - Enable real-time, token-based user account security that stops withdrawal fraud before your brand, customers’ trust, and revenue are compromised. Mon, 07 Jul 2025 07:03:40 https://www.group-ib.com/blog/bioconfirm/ https://www.group-ib.com/blog/kernel-driver-threats/ Discover how attackers leverage Windows Kernel loaders and abuse digitally signed drivers to gain privileged access, disable security tools, and stealthily maintain control — bypassing traditional defenses and enabling advanced threat operations. Fri, 04 Jul 2025 10:59:11 https://www.group-ib.com/blog/kernel-driver-threats/ https://www.group-ib.com/blog/one-attack-one-alert/ Discover how Smart Alert in Group-IB Managed XDR consolidates thousands of alerts into one, cuts alert volume by 80%, and automates SOC detection and triage with AI. Fri, 04 Jul 2025 07:50:48 https://www.group-ib.com/blog/one-attack-one-alert/ https://www.group-ib.com/blog/rise-of-qwizzserial/ Discovered by Group-IB in mid-2024, the Qwizzserial, which was initially not very active, began to spread strongly in Uzbekistan, masquerading as legitimate applications. The malware steals banking information and intercepts 2FA sms, transmitting it to fraudsters via Telegram bots. Wed, 02 Jul 2025 08:08:02 https://www.group-ib.com/blog/rise-of-qwizzserial/ https://www.group-ib.com/blog/middle-east-cyber-escalation/ Regional Conflict Monitoring (June 13 - 20, 2025) Mon, 23 Jun 2025 18:22:25 https://www.group-ib.com/blog/middle-east-cyber-escalation/ https://www.group-ib.com/blog/declaration-trap/ Scammers are using fake tax authority emails to deploy crypto drainers. Discover how the declaration trap works and how to protect your digital assets. Thu, 19 Jun 2025 06:01:17 https://www.group-ib.com/blog/declaration-trap/ https://www.group-ib.com/blog/colombian-cybertrap/ Uncover how cybercriminals in Colombia impersonate financial brands and exploit public data to craft convincing vehicle insurance scams. Thu, 15 May 2025 07:47:55 https://www.group-ib.com/blog/colombian-cybertrap/ https://www.group-ib.com/blog/pam-harvesting-insight/ Learn how attackers exploit Pluggable Authentication Modules (PAM) for credential harvesting—and discover defenses to harden Linux authentication. Thu, 08 May 2025 07:13:42 https://www.group-ib.com/blog/pam-harvesting-insight/ https://www.group-ib.com/blog/cyber-integration-mistakes/ Mon, 05 May 2025 08:56:07 https://www.group-ib.com/blog/cyber-integration-mistakes/ https://www.group-ib.com/blog/ransomware-debris/ This blog on RansomHub provides an overview into how this Ransomware-as-a-Service (RaaS) group operates, including its extortion tactics, affiliate recruitment strategies, and the features of its affiliate panel. Wed, 30 Apr 2025 06:00:47 https://www.group-ib.com/blog/ransomware-debris/ https://www.group-ib.com/blog/toll-of-deception/ Discover the latest phishing campaign targeting a major toll road service provider, where cybercriminals use sophisticated evasion techniques to bypass security detections. This in-depth blog reveals how threat actors exploit legitimate platforms and deploy cloaking methods to disguise malicious links, allowing them to evade detection by security solutions. Discover how these sophisticated tactics create highly convincing phishing pages designed to steal victims’ card information, and how to safeguard yourself against these evolving cyber threats. Wed, 23 Apr 2025 07:05:29 https://www.group-ib.com/blog/toll-of-deception/ https://www.group-ib.com/blog/smart-ai-assistant/ Our new LLM-powered chatbot is designed for efficiency and security. Discover how Group-IB AI Assistant enhances threat intelligence workflows and provides security teams with instant insights — without compromising privacy. Fri, 18 Apr 2025 08:04:29 https://www.group-ib.com/blog/smart-ai-assistant/ https://www.group-ib.com/blog/dark-web-fraud/ Wed, 16 Apr 2025 07:02:21 https://www.group-ib.com/blog/dark-web-fraud/ https://www.group-ib.com/blog/ciso-risk-management/ For modern CISOs, cyber risk management and reduction are nonstop challenges. But this blog offers exactly what you need to build a strategy that empowers you to manage and mitigate threats—cutting through the noise of an otherwise demanding role. Fri, 11 Apr 2025 08:50:31 https://www.group-ib.com/blog/ciso-risk-management/ https://www.group-ib.com/blog/sms-pumping/ Wed, 09 Apr 2025 06:04:30 https://www.group-ib.com/blog/sms-pumping/ https://www.group-ib.com/blog/fraud-underbelly-australia/ Know exactly how cybercriminals are orchestrating attacks on Australia’s citizens and digital assets, and why are they a lucrative target? Thu, 03 Apr 2025 07:16:21 https://www.group-ib.com/blog/fraud-underbelly-australia/ https://www.group-ib.com/blog/hunters-international-ransomware-group/ Learn about technical details on the ransomware and Storage Software tool, how the criminals use the affiliate panel as well as information on the Hunters International ransomware group from its emergence to the end of the operation. Wed, 02 Apr 2025 06:02:43 https://www.group-ib.com/blog/hunters-international-ransomware-group/ https://www.group-ib.com/blog/navigating-cybercrime-latin-america/ Stripping down barriers of distance, language, and the unknown, Group-IB’s mission to fight cybercrime brings us to our latest frontier –Latin America. Join us as we uncover the region’s deceptive criminals and tactics. Thu, 27 Mar 2025 08:09:36 https://www.group-ib.com/blog/navigating-cybercrime-latin-america/ https://www.group-ib.com/blog/unmasking-the-classiscam-in-central-asia/ Scams like Classiscam automate fake websites to steal financial data, exploiting digitalization’s rise in developing countries, making fraud both effective and hard to detect. In this blog, we dissect the inner working of the scam and its prevalence in Central Asia. Wed, 26 Mar 2025 09:03:35 https://www.group-ib.com/blog/unmasking-the-classiscam-in-central-asia/ https://www.group-ib.com/blog/hunting-rituals-5/ Discover how hypothesis-driven threat hunting uncovered stealthy malware. Learn why having a dedicated in-house team or leveraging expert threat hunting services is crucial for modern cybersecurity. Mon, 24 Mar 2025 12:47:48 https://www.group-ib.com/blog/hunting-rituals-5/ https://www.group-ib.com/blog/the-cybercriminal-with-four-faces-revealing-group-ib-s-investigation-into-altdos-desorden-ghostr-and-0mid16b/ Following the arrest of the cybercriminal behind the aliases ALTDOS, DESORDEN, GHOSTR, and 0mid16B, Group-IB provides a deep dive into his activities, uncovering striking similarities and unmasking the cybercriminal that breached more than 90 instances of data leaks worldwide over the span of four years in operation. Thu, 20 Mar 2025 09:09:01 https://www.group-ib.com/blog/the-cybercriminal-with-four-faces-revealing-group-ib-s-investigation-into-altdos-desorden-ghostr-and-0mid16b/ https://www.group-ib.com/blog/clickfix-the-social-engineering-technique-hackers-use-to-manipulate-victims/ Discover how the ClickFix social engineering attack exploits human psychology to bypass security. Learn how hackers use this tactic and how to protect against it. Thu, 13 Mar 2025 08:11:27 https://www.group-ib.com/blog/clickfix-the-social-engineering-technique-hackers-use-to-manipulate-victims/ https://www.group-ib.com/blog/the-evolution-of-sim-swapping-fraud-how-fraudsters-bypass-security-layers/ Discover how SIM swapping fraud has evolved, how cybercriminals bypass security layers, and the best ways to protect yourself from SIM swap attacks. Learn key prevention tips now. Mon, 10 Mar 2025 07:14:19 https://www.group-ib.com/blog/the-evolution-of-sim-swapping-fraud-how-fraudsters-bypass-security-layers/ https://www.group-ib.com/blog/building-zero-trust-security-selectively-trust-to-rightfully-secure/ Build resilience with a zero trust cybersecurity model. Leverage your existing infrastructure for stronger security. Get all essential insights to start now. Fri, 07 Mar 2025 07:12:53 https://www.group-ib.com/blog/building-zero-trust-security-selectively-trust-to-rightfully-secure/ https://www.group-ib.com/blog/technology-alone-isn-t-the-answer-to-cyber-threats-time-to-rethink-security-culture/ Get the (ABCs) Awareness, Behavior, and Culture of cybersecurity right - an organization's silent drivers of cyber protection. Tue, 04 Mar 2025 10:10:45 https://www.group-ib.com/blog/technology-alone-isn-t-the-answer-to-cyber-threats-time-to-rethink-security-culture/ https://www.group-ib.com/blog/fingerprint-heists/ Discover how cybercriminals steal browser fingerprints to mimic users, bypass security measures, and commit online fraud. Learn how to protect your digital identity. Thu, 20 Feb 2025 10:19:13 https://www.group-ib.com/blog/fingerprint-heists/ https://www.group-ib.com/blog/ransomhub-never-sleeps-episode-1/ Discover how ransomware has evolved into a sophisticated cyber threat, with groups like RansomHub leading the charge. Learn more about their adaptability, TTPs, and the rise of Ransomware-as-a-service in this first-of-three-part trilogy. Wed, 12 Feb 2025 06:59:52 https://www.group-ib.com/blog/ransomhub-never-sleeps-episode-1/ https://www.group-ib.com/blog/5-ways-to-leverage-our-malware-reports/ Discover 5 ways to leverage Malware Reports for daily analysis and improve detection. Perfect for SOC analysts, threat hunters, and reverse engineers. Thu, 06 Feb 2025 06:38:20 https://www.group-ib.com/blog/5-ways-to-leverage-our-malware-reports/ https://www.group-ib.com/blog/the-dark-side-of-automation-and-rise-of-ai-agent/ Card testing attacks exploit stolen credit card details through small, unnoticed purchases to verify active cards for larger fraud. Cybercriminals use bots, proxies, and automation to evade detection, making real-time fraud prevention challenging. Learn how these attacks work and how to protect against them. Wed, 05 Feb 2025 07:58:39 https://www.group-ib.com/blog/the-dark-side-of-automation-and-rise-of-ai-agent/ https://www.group-ib.com/blog/cat-s-out-of-the-bag-lynx-ransomware/ In this blog, we observed how the Lynx Ransomware-as-a-Service (RaaS) group operates, detailing the workflow of their affiliates within the panel, their cross-platform ransomware arsenal, customizable encryption modes, and advanced technical capabilities. Tue, 28 Jan 2025 06:43:27 https://www.group-ib.com/blog/cat-s-out-of-the-bag-lynx-ransomware/ https://www.group-ib.com/blog/odds-ends-unraveling-the-surebet-playbook/ Discover the world of surebets, a strategy that guarantees profits by leveraging differing odds from multiple bookmakers. Explore how this approach impacts the betting market, challenging traditional profit models and increasing operational costs for bookmakers. Wed, 22 Jan 2025 07:14:53 https://www.group-ib.com/blog/odds-ends-unraveling-the-surebet-playbook/ https://www.group-ib.com/blog/glocal-vision/ How is Group-IB evolving into a leading cybersecurity force that the community relies on? Tue, 21 Jan 2025 04:00:15 https://www.group-ib.com/blog/glocal-vision/ https://www.group-ib.com/blog/the-reality-of-deception-real-estate-scams/ Real estate scams are on the rise as fraudsters exploit online platforms to deceive victims into paying for fake properties. This blog dives into how these scams operate in the Middle East, explains the tools and techniques used to detect and disrupt money-mule networks, and provides practical tips for staying safe. Thu, 16 Jan 2025 07:24:50 https://www.group-ib.com/blog/the-reality-of-deception-real-estate-scams/ https://www.group-ib.com/blog/beyond-ai/ Minimize false positives, proactively prevent threats, and gain customized fraud protection with Group-IB. Our AI-powered solutions are fine-tuned by local experts and real-time threat intelligence in key regions, ensuring optimal security performance and minimal disruption to your business. Mon, 13 Jan 2025 06:52:43 https://www.group-ib.com/blog/beyond-ai/ https://www.group-ib.com/blog/social-engineering-in-action/ Fraudsters have devised a sophisticated scheme targeting banking customers in the Middle East, impersonating government officials and using remote access software to steal credit card information and OTP codes. This scam specifically targets individuals who have lodged complaints online via a government portal, taking advantage of their trust and willingness to cooperate in hopes of refunds, leading to significant financial losses through fraudulent transactions. Wed, 08 Jan 2025 06:27:32 https://www.group-ib.com/blog/social-engineering-in-action/ https://www.group-ib.com/blog/cyber-predictions-for-2025/ Don’t fall weak in the face of change and disruption. Review the upcoming cybersecurity changes and become equipped while there’s time! Tue, 07 Jan 2025 11:47:48 https://www.group-ib.com/blog/cyber-predictions-for-2025/ https://www.group-ib.com/blog/patch-me-if-you-can/ Discover how smartphone manufacturers conceal security flaws, the risks these vulnerabilities pose to users and businesses, and actionable steps to protect devices from data breaches, identity theft, and exploitative attacks. Wed, 18 Dec 2024 06:11:31 https://www.group-ib.com/blog/patch-me-if-you-can/ https://www.group-ib.com/blog/trust-hijacked/ Explore the advanced tactics employed in recent email phishing campaigns targeting employees from over 30 companies across 12 industries and 15 jurisdictions. This blog unveils sophisticated techniques used to outsmart Secure Email Gateways (SEGs) and exploit trusted platforms, creating highly convincing schemes to deceive victims and steal their credentials. Wed, 11 Dec 2024 07:11:03 https://www.group-ib.com/blog/trust-hijacked/ https://www.group-ib.com/blog/deepfake-fraud/ Group-IB’s Fraud Protection team examines how fraudsters use deepfake technology to bypass biometric security in financial institutions, including facial recognition and liveness detection. This blog highlights the use of emulators, app cloning, and virtual cameras to exploit vulnerabilities, and highlights the financial and societal impacts of deepfake fraud. Wed, 04 Dec 2024 07:05:37 https://www.group-ib.com/blog/deepfake-fraud/ https://www.group-ib.com/blog/shady-bets/ Scammers are using fake betting game advertisements on social media to target users, with over 500 deceptive advertisements and 1,377 malicious websites identified by Group-IB CERT. These scams promise quick money but are designed to steal personal data and funds, and this blog aims to educate users on how to recognize and protect themselves from such threats. Thu, 28 Nov 2024 05:52:47 https://www.group-ib.com/blog/shady-bets/ https://www.group-ib.com/blog/rethinking-investigation/ Mon, 25 Nov 2024 08:05:19 https://www.group-ib.com/blog/rethinking-investigation/ https://www.group-ib.com/blog/tracing-the-path-of-vietcredcare-and-ducktail/ Following the arrest in May 2024 of more than 20 individuals behind Facebook infostealers campaigns in Vietnam, we have compared the tactics of operators behind VietCredCare and DuckTail stealers. These 2 malware families have been active before the arrest in Vietnam and are believed to be controlled by Vietnamese threat actors. Based on the research, we decided that the groups operate in a different way and the arrest probably affected the VietCredCare operators. Thu, 21 Nov 2024 09:33:11 https://www.group-ib.com/blog/tracing-the-path-of-vietcredcare-and-ducktail/ https://www.group-ib.com/blog/strengthening-aml-defenses/ Know the need to catch mules early in their operations to protect you from severe risks, including large-scale money laundering, compliance breaches, and business and customer disruptions. Fri, 15 Nov 2024 05:32:44 https://www.group-ib.com/blog/strengthening-aml-defenses/ https://www.group-ib.com/blog/stealthy-attributes-of-apt-lazarus/ Wed, 13 Nov 2024 05:55:12 https://www.group-ib.com/blog/stealthy-attributes-of-apt-lazarus/ https://www.group-ib.com/blog/chase-cyber-threats/ Waiting for risks to be presented to you rather than actively hunting them down? After reading this, you might consider a shift in approach to improve detection and proactively counter sophisticated attacks. Thu, 07 Nov 2024 07:55:34 https://www.group-ib.com/blog/chase-cyber-threats/ https://www.group-ib.com/blog/cybercriminal-tactics-in-the-balkan-region/ Explore our latest findings on the surge of cyberattacks in the Balkan region, focusing on threats to financial institutions and critical infrastructure. Discover how phishing scams impersonating postal services are targeting citizens in Croatia, Romania, Serbia, and Slovenia, and learn about the implications for public safety and security. Stay informed and protected against the rising tide of cybercrime. Wed, 30 Oct 2024 05:44:14 https://www.group-ib.com/blog/cybercriminal-tactics-in-the-balkan-region/ https://www.group-ib.com/blog/fraud-protection-know-your-real-users/ Stop fraud, RATs, and malware with Group-IB's Fraud Protection AI. Our advanced behavioral analysis uses AI to detect and prevent threats in real-time, safeguarding your business and users. Tue, 29 Oct 2024 08:25:44 https://www.group-ib.com/blog/fraud-protection-know-your-real-users/ https://www.group-ib.com/blog/global-igaming/ With Group-IB Fraud Protection, you can navigate the complexities of global iGaming regulations and risk. Tailor security measures for each market, optimize costs, and maximize growth. Learn how our advanced fraud detection and prevention tools can protect your players and profits. Fri, 25 Oct 2024 08:08:21 https://www.group-ib.com/blog/global-igaming/ https://www.group-ib.com/blog/fake-wood-scams/ In this blog we uncover a long-running scheme by scammers selling wood to the people in France during the winter season, and how consumers and businesses can protect themselves from financial and reputation damages. Tue, 22 Oct 2024 10:19:04 https://www.group-ib.com/blog/fake-wood-scams/ https://www.group-ib.com/blog/cicada3301/ In this blog, we observed how the Cicada3301 Ransomware-as-a-Service (RaaS) group operates, detailing the workflow of their affiliates within the panel and examining the Windows, Linux, ESXi, and PowerPC variants of the ransomware. Thu, 17 Oct 2024 07:26:32 https://www.group-ib.com/blog/cicada3301/ https://www.group-ib.com/blog/firming-grip-of-cyber-fraud-in-asia/ Banks' current measures against cyber fraud are falling short – and the numbers don’t lie. That said, with a hyperactive threat landscape, what steps should you take to maximize cybersecurity? Wed, 16 Oct 2024 08:00:31 https://www.group-ib.com/blog/firming-grip-of-cyber-fraud-in-asia/ https://www.group-ib.com/blog/unveiling-usb-artifacts/ Discover how USB artifacts enhance tracking user activities on files, examining the influence of operating systems, file systems, and applications on these crucial data traces. Thu, 10 Oct 2024 05:33:53 https://www.group-ib.com/blog/unveiling-usb-artifacts/ https://www.group-ib.com/blog/pig-butchering/ In this article, Group-IB specialists uncovered a large-scale fraud campaign involving fake trading apps targeting Apple iOS and Android users across multiple regions through the UniApp framework, and distributed through official app stores and phishing sites. Wed, 02 Oct 2024 05:55:12 https://www.group-ib.com/blog/pig-butchering/ https://www.group-ib.com/blog/dragonforce-ransomware/ In this blog, we look at the DragonForce ransomware group, which poses a severe threat with two variants—a LockBit fork and a customized Conti fork with advanced features and SystemBC malware. Wed, 25 Sep 2024 07:00:30 https://www.group-ib.com/blog/dragonforce-ransomware/ https://www.group-ib.com/blog/teamtnt/ Investigations into recent campaigns may suggest the reemergence of TeamTNT in 2023 to present day, since evaporating in 2022. Wed, 18 Sep 2024 06:56:21 https://www.group-ib.com/blog/teamtnt/ https://www.group-ib.com/blog/concealed-networks/ Group-IB dark web investigations: To avoid prying eyes, find out how adversaries increasingly shift from the dark web to social media to execute attacks, leak credentials, share exploitable vulnerabilities, and more. Mon, 16 Sep 2024 06:55:53 https://www.group-ib.com/blog/concealed-networks/ https://www.group-ib.com/blog/ajina-malware/ Discovered by Group-IB in May 2024, the Ajina.Banker malware is a major cyber threat in the Central Asia region, disguising itself as legitimate apps to steal banking information and intercept 2FA messages. Thu, 12 Sep 2024 04:53:01 https://www.group-ib.com/blog/ajina-malware/ https://www.group-ib.com/blog/pluggable-authentication-module/ Fri, 06 Sep 2024 06:50:27 https://www.group-ib.com/blog/pluggable-authentication-module/ https://www.group-ib.com/blog/apt-lazarus-python-scripts/ Explore the growing threats posed by the Lazarus Group's financially-driven campaign against developers. We will examine their recent Python scripts, including the CivetQ and BeaverTail malware variants, along with their updated versions in Windows and Python releases. Additionally, we will analyze their tactics, techniques, and indicators of compromise. Wed, 04 Sep 2024 06:52:35 https://www.group-ib.com/blog/apt-lazarus-python-scripts/ https://www.group-ib.com/blog/ransomhub-raas/ Learn why RansomHub's new affiliate program and its advanced ransomware tactics—recruiting former Scattered Spider members, exploiting unprotected RDP services, and exfiltrating large data volumes—are critical for staying ahead of modern cyber threats. Wed, 28 Aug 2024 06:52:55 https://www.group-ib.com/blog/ransomhub-raas/ https://www.group-ib.com/blog/linux-pro-manipulation/ Group-IB explores methods of process visibility evasion through /proc filesystem manipulation in Linux, along with effective defenses to counteract these tactics. Mon, 26 Aug 2024 13:32:18 https://www.group-ib.com/blog/linux-pro-manipulation/ https://www.group-ib.com/blog/brain-cipher-ransomware/ Deep dive into Brain Cipher ransomware group's activities and techniques, and how they are seemingly linked to other ransomware groups such as EstateRansomware and SenSayQ Wed, 14 Aug 2024 06:45:18 https://www.group-ib.com/blog/brain-cipher-ransomware/ https://www.group-ib.com/blog/compromised-mdm-credentials/ The leakage of credentials for Mobile Device Management (MDM) services could pose significant risks to organizations and their data security. Wed, 07 Aug 2024 06:25:19 https://www.group-ib.com/blog/compromised-mdm-credentials/ https://www.group-ib.com/blog/nis-2-compliance/ With NIS 2 non-compliance proving detrimental — resulting in millions in fines, business activity suspension, and more, become compliant while there’s still time! Fri, 02 Aug 2024 07:48:43 https://www.group-ib.com/blog/nis-2-compliance/ https://www.group-ib.com/blog/craxs-rat-malaysia/ CraxsRAT is a notorious Android malware family known for its Remote Administration Tools (RAT), which include remote device control and advanced spyware functions like keylogging, gesture manipulation, and recording of cameras, screens, and calls. Wed, 31 Jul 2024 06:51:26 https://www.group-ib.com/blog/craxs-rat-malaysia/ https://www.group-ib.com/blog/gxc-team-unmasked/ Specializing in AI-powered phishing-as-a-service and Android malware capable of intercepting OTP codes, the GXC Team targets Spanish bank users and 30 institutions worldwide Thu, 25 Jul 2024 05:58:10 https://www.group-ib.com/blog/gxc-team-unmasked/ https://www.group-ib.com/blog/qilin-revisited/ Discover the insidious tactics of the Qilin ransomware group, notorious for their $50 million attack on the healthcare sector, impacting key NHS hospitals. Wed, 17 Jul 2024 06:00:37 https://www.group-ib.com/blog/qilin-revisited/ https://www.group-ib.com/blog/digital-risk-protection/ The digital space is riddled with risks to your brand. Ensure it stays defended with Group-IB Digital Risk Protection’s automated violation detection and takedown. Mon, 15 Jul 2024 07:51:30 https://www.group-ib.com/blog/digital-risk-protection/ https://www.group-ib.com/blog/estate-ransomware/ Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences. Wed, 10 Jul 2024 05:55:28 https://www.group-ib.com/blog/estate-ransomware/ https://www.group-ib.com/blog/cyber-fraud-prevention/ Where adversaries do not hesitate to initiate blended attacks combining multiple tactics, why are security teams still operating in silos? Mon, 08 Jul 2024 07:48:57 https://www.group-ib.com/blog/cyber-fraud-prevention/ https://www.group-ib.com/blog/eldorado-ransomware/ All about Eldorado Ransomware and how its affiliates make their own samples for distribution. Wed, 03 Jul 2024 05:59:17 https://www.group-ib.com/blog/eldorado-ransomware/ https://www.group-ib.com/blog/mssp-competitive-edge/ How to best empower your business clients’ cybersecurity with critical cyber threat intelligence Mon, 01 Jul 2024 07:41:53 https://www.group-ib.com/blog/mssp-competitive-edge/ https://www.group-ib.com/blog/craxs-rat-malware/ The scam schemes enabled by Craxs Rat malware provide complete remote control of the victims’ devices. Defend yourself from being next. Wed, 26 Jun 2024 06:37:34 https://www.group-ib.com/blog/craxs-rat-malware/ https://www.group-ib.com/blog/boolka/ Uncovering the operations of threat actor Boolka, driven by the creation of malicious scripts, malware trojans, sophisticated malware delivery platforms, and more. Fri, 21 Jun 2024 05:25:18 https://www.group-ib.com/blog/boolka/ https://www.group-ib.com/blog/goldpickaxe-ios-trojan/ Learn how to protect your devices against evolving iOS threats Wed, 05 Jun 2024 09:01:42 https://www.group-ib.com/blog/goldpickaxe-ios-trojan/ https://www.group-ib.com/blog/genai-or-not-genai/ Amidst the GenAI revolution, how can you harness its potential to boost cybersecurity? Mon, 27 May 2024 07:56:10 https://www.group-ib.com/blog/genai-or-not-genai/ https://www.group-ib.com/blog/gdpr/ Does the GDPR, designed to protect customer data, unintentionally create opportunities for cybercriminals to exploit it? Mon, 20 May 2024 07:55:10 https://www.group-ib.com/blog/gdpr/ https://www.group-ib.com/blog/generative-ai/ Fraudsters see potential in generative AI to defraud the gambling industry. Here’s how. Mon, 06 May 2024 14:01:04 https://www.group-ib.com/blog/generative-ai/ https://www.group-ib.com/blog/labhost-operation/ Group-IB takes part in a global operation to cripple Canadian Phishing-as-a-Service provider LabHost Thu, 18 Apr 2024 11:09:03 https://www.group-ib.com/blog/labhost-operation/ https://www.group-ib.com/blog/hunting-rituals-4/ Actionable insights on hunting for Windows Management Instrumentation (WMI) execution abuse Fri, 29 Mar 2024 07:58:20 https://www.group-ib.com/blog/hunting-rituals-4/ https://www.group-ib.com/blog/pegasus-spyware/ How does Pegasus and other spyware work discreetly to access everything on your iOS device? Fri, 15 Mar 2024 08:04:00 https://www.group-ib.com/blog/pegasus-spyware/ https://www.group-ib.com/blog/vietcredcare-stealer/ Group-IB discovers new information stealer targeting Vietnam with rare functionality to filter out Facebook accounts with advertising credits Wed, 21 Feb 2024 07:58:51 https://www.group-ib.com/blog/vietcredcare-stealer/ https://www.group-ib.com/blog/goldfactory-ios-trojan/ Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows Thu, 15 Feb 2024 08:02:24 https://www.group-ib.com/blog/goldfactory-ios-trojan/ https://www.group-ib.com/blog/resumelooters/ ResumeLooters gang infects websites with XSS scripts and SQL injections to vacuum up job seekers' personal data and CVs Tue, 06 Feb 2024 06:59:26 https://www.group-ib.com/blog/resumelooters/ https://www.group-ib.com/blog/inferno-drainer/ Inferno Drainer may have shut down in November 2023, but users of the devastating scam-as-a-service platform still pose a risk as they look for other avenues. Tue, 16 Jan 2024 07:58:58 https://www.group-ib.com/blog/inferno-drainer/ https://www.group-ib.com/blog/hunting-rituals-3/ Actionable guide to hunting for the scheduled tasks by using Group-IB MXDR Fri, 29 Dec 2023 07:59:41 https://www.group-ib.com/blog/hunting-rituals-3/ https://www.group-ib.com/blog/cybersecurity-trends-part-2/ Cybersecurity is changing, and changing fast. Learn how Group-IB can help you lead the change instead of being carried by it. Wed, 27 Dec 2023 07:56:25 https://www.group-ib.com/blog/cybersecurity-trends-part-2/ https://www.group-ib.com/blog/cybersecurity-trends-part-1/ Cybersecurity is changing, and changing fast. Learn how Group-IB can help you lead the change instead of being carried by it. Wed, 20 Dec 2023 07:55:30 https://www.group-ib.com/blog/cybersecurity-trends-part-1/ https://www.group-ib.com/blog/you-versus-adversaries-part-2/ Cybersecurity essentials that ensure your business stays undisrupted in the upcoming year. Fri, 15 Dec 2023 07:56:29 https://www.group-ib.com/blog/you-versus-adversaries-part-2/ https://www.group-ib.com/blog/gambleforce-gang/ Analysis of TTPs tied to GambleForce, which carried out SQL injection attacks against companies in the APAC region Thu, 14 Dec 2023 06:02:09 https://www.group-ib.com/blog/gambleforce-gang/ https://www.group-ib.com/blog/you-versus-adversaries-part-1/ Cybersecurity essentials that will ensure your business stays undisrupted in the upcoming year. Fri, 08 Dec 2023 06:57:45 https://www.group-ib.com/blog/you-versus-adversaries-part-1/ https://www.group-ib.com/blog/krasue-rat/ This piece of malware has an insatiable appetite. Group-IB's Threat Intelligence unit offers their insights on the new RAT used in attacks against Thai companies. Thu, 07 Dec 2023 05:56:15 https://www.group-ib.com/blog/krasue-rat/ https://www.group-ib.com/blog/hunting-rituals-windows-services-part-2/ Actionable guide to hunting for the Windows Services abuse by using Group-IB MXDR. Wed, 22 Nov 2023 11:20:09 https://www.group-ib.com/blog/hunting-rituals-windows-services-part-2/ https://www.group-ib.com/blog/farnetwork/ Take a deep dive into the operations of one of the most active players in the Ransomware-as-a-Service market. Wed, 08 Nov 2023 07:59:58 https://www.group-ib.com/blog/farnetwork/ https://www.group-ib.com/blog/untold-story-insiders-gambit/ Get a close look at details of the most notable cases faced by Group-IB’s Digital Forensics and Incident Response (DFIR) team Tue, 24 Oct 2023 08:28:50 https://www.group-ib.com/blog/untold-story-insiders-gambit/ https://www.group-ib.com/blog/middle-east-conflict-week-1/ Hacktivists take center stage with DDoS, defacement attacks – summary of Week 1 and 2 of the conflict. Tue, 17 Oct 2023 08:58:04 https://www.group-ib.com/blog/middle-east-conflict-week-1/ https://www.group-ib.com/blog/christmas-miracle-incident-response/ Twas the night before Christmas, when out came the cry, a cyberattack is happening, so stop them, won’t you try? Mon, 16 Oct 2023 10:04:31 https://www.group-ib.com/blog/christmas-miracle-incident-response/ https://www.group-ib.com/blog/golddigger-fraud-matrix/ Delve into the tactics of the GoldDigger Trojan and discover ways to safeguard your customers Thu, 05 Oct 2023 06:55:04 https://www.group-ib.com/blog/golddigger-fraud-matrix/ https://www.group-ib.com/blog/shadowsyndicate-raas/ No sleep until the Cybercrime Fighters Club is done with finding the answer as to who is behind this new ransomware-as-a-service affiliate. Tue, 26 Sep 2023 07:55:51 https://www.group-ib.com/blog/shadowsyndicate-raas/ https://www.group-ib.com/blog/mxdr-cryptominer/ Group-IB analysts discovered and analyzed a cryptojacking campaign on a popular educational resource using Group-IB Managed XDR. Fri, 22 Sep 2023 07:57:12 https://www.group-ib.com/blog/mxdr-cryptominer/ https://www.group-ib.com/blog/hunting-rituals-windows-services-part-1/ Actionable guide to hunting for the Windows Services abuse by using Group-IB MXDR. Wed, 20 Sep 2023 07:59:04 https://www.group-ib.com/blog/hunting-rituals-windows-services-part-1/ https://www.group-ib.com/blog/incident-response-with-dmitry-volkov/ Gather valuable insights on how incident response can be a make-or-break factor in securing your business. Mon, 18 Sep 2023 07:28:59 https://www.group-ib.com/blog/incident-response-with-dmitry-volkov/ https://www.group-ib.com/blog/investment-scam-global/ Group-IB Digital Risk Protection uncovers malicious campaign leveraging almost 900 scam pages with potential financial damage estimated at $280,000 over four-month span Thu, 07 Sep 2023 08:00:20 https://www.group-ib.com/blog/investment-scam-global/ https://www.group-ib.com/blog/airline-loyalty-program-protection/ Uncover the vulnerabilities crippling the airline industry and learn how to implement appropriate countermeasures Tue, 05 Sep 2023 06:59:48 https://www.group-ib.com/blog/airline-loyalty-program-protection/ https://www.group-ib.com/blog/classiscam-2023/ The automated scam-as-a-service program designed to steal your money and data is still going strong four years after launch Thu, 31 Aug 2023 07:59:10 https://www.group-ib.com/blog/classiscam-2023/ https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/ Spoof extensions help cybercriminals target users on trading forums as 130 devices still infected at time of writing Wed, 23 Aug 2023 08:59:19 https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/ https://www.group-ib.com/blog/hunting-rituals-dll-side-loading/ Actionable guide to hunting for the DLL side-loading threat by using Group-IB MXDR. Thu, 17 Aug 2023 09:48:58 https://www.group-ib.com/blog/hunting-rituals-dll-side-loading/ https://www.group-ib.com/blog/gigabud-banking-malware/ Uncover the disruptive nature of Gigabud malware and take proactive measures to mitigate the associated risks Mon, 14 Aug 2023 07:59:38 https://www.group-ib.com/blog/gigabud-banking-malware/ https://www.group-ib.com/blog/cybercrime-fighters-club/ Fighting cybercrime is more effective when we work together. Find out more about how you can work with Group-IB to document emerging threats. Fri, 04 Aug 2023 07:59:12 https://www.group-ib.com/blog/cybercrime-fighters-club/ https://www.group-ib.com/blog/mysterious-team-bangladesh/ Analysis of a highly active hacktivist group with global reach Thu, 03 Aug 2023 08:01:37 https://www.group-ib.com/blog/mysterious-team-bangladesh/ https://www.group-ib.com/blog/cloud-infrastructure-threats/ Discover how organizations unwittingly create vulnerabilities by misconfiguring their cloud infrastructure Mon, 10 Jul 2023 07:58:36 https://www.group-ib.com/blog/cloud-infrastructure-threats/ https://www.group-ib.com/blog/cryptoslabs-investment-scams/ Get all the undisclosed details that our investigators uncovered on CryptosLabs' full scope of fraudulent schemes Thu, 15 Jun 2023 07:01:32 https://www.group-ib.com/blog/cryptoslabs-investment-scams/ https://www.group-ib.com/blog/operation-triangulation/ What we know about APT campaign to date and how to detect it Fri, 02 Jun 2023 14:29:40 https://www.group-ib.com/blog/operation-triangulation/ https://www.group-ib.com/blog/dark-pink-episode-2/ APT Dark Pink is back with 5 victims in new countries. Wed, 31 May 2023 07:58:23 https://www.group-ib.com/blog/dark-pink-episode-2/ https://www.group-ib.com/blog/api-security-best-practices/ Security misconfiguration, excessive data exposure, and injections top three API vulnerability types for financial and tech firms Tue, 30 May 2023 09:00:33 https://www.group-ib.com/blog/api-security-best-practices/ https://www.group-ib.com/blog/hunting-sidewinder/ Bridewell and Group-IB expose the APT’s unknown infrastructure Wed, 17 May 2023 07:57:37 https://www.group-ib.com/blog/hunting-sidewinder/ https://www.group-ib.com/blog/qilin-ransomware/ All you need to know about Qilin ransomware and its operations targeting critical sectors. Mon, 15 May 2023 08:20:09 https://www.group-ib.com/blog/qilin-ransomware/ https://www.group-ib.com/blog/managed-xdr-updates/ New and modified malware detonation capabilities in Group-IB’s Managed XDR and Business Email Protection solutions for precise threat detection and analysis Tue, 02 May 2023 08:59:18 https://www.group-ib.com/blog/managed-xdr-updates/ https://www.group-ib.com/blog/meta-phishing-campaign/ Group-IB Digital Risk Protection discovers more than 3,200 fake Facebook profiles in ongoing phishing campaign that sees scammers impersonate Meta support staff Tue, 25 Apr 2023 04:19:56 https://www.group-ib.com/blog/meta-phishing-campaign/ https://www.group-ib.com/blog/phishing-investigation-guide/ How to investigate phishing campaigns Fri, 21 Apr 2023 03:56:41 https://www.group-ib.com/blog/phishing-investigation-guide/ https://www.group-ib.com/blog/muddywater-infrastructure/ Group-IB analysts discovered the new MuddyWater infrastructure while researching the pro-state group’s use of the legitimate SimpleHelp tool. Tue, 18 Apr 2023 07:56:18 https://www.group-ib.com/blog/muddywater-infrastructure/ https://www.group-ib.com/blog/bablock-ransomware/ Group-IB uncovers a new stealthy ransomware strain Tue, 04 Apr 2023 17:24:46 https://www.group-ib.com/blog/bablock-ransomware/ https://www.group-ib.com/blog/3cx-supply-chain-attack/ What is known about the 3CX supply chain incident and how to defend against it? Fri, 31 Mar 2023 10:59:09 https://www.group-ib.com/blog/3cx-supply-chain-attack/ https://www.group-ib.com/blog/venomous-vacancies/ Group-IB uncovers more than 2,400 scam job pages in ongoing campaign targeting users in Egypt, KSA, Algeria, and 10 other MEA countries. Tue, 21 Mar 2023 04:13:49 https://www.group-ib.com/blog/venomous-vacancies/ https://www.group-ib.com/blog/bleak-outlook/ Microsoft Outlook Elevation of Privilege Vulnerability Fri, 17 Mar 2023 14:22:40 https://www.group-ib.com/blog/bleak-outlook/ https://www.group-ib.com/blog/banking-malware/ Mobile banking users are being manipulated by attackers to authorize fraudulent transactions. Learn what financial service providers can do to render these organized crimes powerless. Mon, 20 Feb 2023 09:52:20 https://www.group-ib.com/blog/banking-malware/ https://www.group-ib.com/blog/malware-bundles/ What happens when you combine ransomware with information stealers, remote access Trojans, and other malware in one easy-to-download package? Fri, 17 Feb 2023 07:57:45 https://www.group-ib.com/blog/malware-bundles/ https://www.group-ib.com/blog/tonto-team/ How a nation-state APT attempted to attack Group-IB Mon, 13 Feb 2023 06:57:50 https://www.group-ib.com/blog/tonto-team/ https://www.group-ib.com/blog/know-thy-enemy/ Which cybercrimes will dominate the threat landscape for 2023 and beyond? Find out! Fri, 10 Feb 2023 08:11:33 https://www.group-ib.com/blog/know-thy-enemy/ https://www.group-ib.com/blog/dark-pink-apt/ New APT hitting Asia-Pacific, Europe that goes deeper and darker Wed, 11 Jan 2023 07:17:07 https://www.group-ib.com/blog/dark-pink-apt/ https://www.group-ib.com/blog/godfather-trojan/ Group-IB discovers banking Trojan targeting users of more than 400 apps in 16 countries Wed, 21 Dec 2022 13:38:26 https://www.group-ib.com/blog/godfather-trojan/ https://www.group-ib.com/blog/scam-free-christmas/ 8 online scams to protect your customers from Fri, 16 Dec 2022 13:42:55 https://www.group-ib.com/blog/scam-free-christmas/ https://www.group-ib.com/blog/money-mules/ A money mule is someone who moves stolen funds across bank accounts on behalf of cybercriminals. Learn how money mules operate and how you can proactively counteract mule accounts. Mon, 28 Nov 2022 13:47:24 https://www.group-ib.com/blog/money-mules/ https://www.group-ib.com/blog/hired-hand/ Group-IB uncovers one thousand (and one) fake domains part of a scam campaign targeting users in KSA Wed, 09 Nov 2022 13:54:58 https://www.group-ib.com/blog/hired-hand/ https://www.group-ib.com/blog/opera1er-apt-fr/ En 2019, l'équipe Threat Intelligence de Group-IB a détecté une série d'attaques ciblant des organisations financières en Afrique. Thu, 03 Nov 2022 13:30:37 https://www.group-ib.com/blog/opera1er-apt-fr/ https://www.group-ib.com/blog/opera1er-apt/ The French-speaking gang managed to carry out over 30 successful attacks on banks, financial services and telecommunications companies, mainly located in Africa. Thu, 03 Nov 2022 11:26:00 https://www.group-ib.com/blog/opera1er-apt/ https://www.group-ib.com/blog/majikpos-treasurehunter-malware/ Analysis of months-long MajikPOS and Treasure Hunter campaign that infected dozens of terminals Mon, 24 Oct 2022 07:31:09 https://www.group-ib.com/blog/majikpos-treasurehunter-malware/ https://www.group-ib.com/blog/deadbolt-ransomware-decryption/ The Group-IB Incident Response Team investigated an incident related to a DeadBolt attack and analyzed a DeadBolt ransomware sample Wed, 19 Oct 2022 11:52:51 https://www.group-ib.com/blog/deadbolt-ransomware-decryption/ https://www.group-ib.com/blog/scam-is-rising/ With well-set digital marketing campaigns and professional call-centres Mon, 17 Oct 2022 14:19:13 https://www.group-ib.com/blog/scam-is-rising/ https://www.group-ib.com/blog/attack-surface-management/ How Group-IB Attack Surface Management ensures full mastery of your external attack surface Wed, 28 Sep 2022 14:13:57 https://www.group-ib.com/blog/attack-surface-management/ https://www.group-ib.com/blog/steam/ Hackers use the browser-in-the-browser technique to steal Steam accounts Tue, 13 Sep 2022 12:11:28 https://www.group-ib.com/blog/steam/ https://www.group-ib.com/blog/0ktapus/ Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits Thu, 25 Aug 2022 09:02:13 https://www.group-ib.com/blog/0ktapus/ https://www.group-ib.com/blog/apt41-world-tour-2021/ 4 malicious campaigns, 13 confirmed victims, and a new wave of Cobalt Strike infections Thu, 18 Aug 2022 08:48:58 https://www.group-ib.com/blog/apt41-world-tour-2021/ https://www.group-ib.com/blog/switching-side-jobs/ Links between ATMZOW JS-sniffer and Hancitor Wed, 17 Aug 2022 12:14:40 https://www.group-ib.com/blog/switching-side-jobs/ https://www.group-ib.com/blog/malibot/ Detecting MaliBot, a fresh Android banking trojan, with a Fraud Protection solution Thu, 11 Aug 2022 15:39:08 https://www.group-ib.com/blog/malibot/ https://www.group-ib.com/blog/investment-scams-europe/ How we almost got rich Fri, 29 Jul 2022 08:54:48 https://www.group-ib.com/blog/investment-scams-europe/ https://www.group-ib.com/blog/managed-xdr/ What Group-IB’s new all-in-one solution offers: cybersecurity management, network event analysis, and lightning-fast stops to attacks Mon, 25 Jul 2022 11:38:45 https://www.group-ib.com/blog/managed-xdr/ https://www.group-ib.com/blog/unified-risk-platform/ Group-IB’s platform allows organizations to overcome cyber risks Thu, 30 Jun 2022 09:23:31 https://www.group-ib.com/blog/unified-risk-platform/ https://www.group-ib.com/blog/gozi-latest-ttps/ Hunting the latest TTPs used for delivering the Trojan Fri, 24 Jun 2022 15:42:35 https://www.group-ib.com/blog/gozi-latest-ttps/ https://www.group-ib.com/blog/rostovtsev/ Nikita Rostovtsev on current cyber threats and his profession Thu, 16 Jun 2022 15:48:13 https://www.group-ib.com/blog/rostovtsev/ https://www.group-ib.com/blog/brazil-exposed-db/ Unsecured public-facing database allowed anyone to access ID selfies for months Thu, 16 Jun 2022 13:14:03 https://www.group-ib.com/blog/brazil-exposed-db/ https://www.group-ib.com/blog/phishing-vietnam-banks/ Group-IB identifies massive campaign capable of targeting clients of major Vietnamese banks Thu, 09 Jun 2022 15:53:45 https://www.group-ib.com/blog/phishing-vietnam-banks/ https://www.group-ib.com/blog/sidewinder-antibot/ APT SideWinder’s new tool that narrows their reach to Pakistan Wed, 01 Jun 2022 13:56:14 https://www.group-ib.com/blog/sidewinder-antibot/ https://www.group-ib.com/blog/oldgremlin-comeback/ Russian-speaking ransomware gang OldGremlin resumes attacks in Russia Thu, 14 Apr 2022 11:36:16 https://www.group-ib.com/blog/oldgremlin-comeback/ https://www.group-ib.com/blog/fake-crypto-giveaway/ Fake giveaways hit bitcoiners again. Now on YouTube Fri, 08 Apr 2022 15:57:04 https://www.group-ib.com/blog/fake-crypto-giveaway/ https://www.group-ib.com/blog/spring4shell/ What we know about Spring4Shell so far Thu, 31 Mar 2022 12:05:57 https://www.group-ib.com/blog/spring4shell/ https://www.group-ib.com/blog/fake-delivery-scams-singapore/ Group-IB unveils three groups of fraudsters behind delivery scams in Singapore Mon, 28 Mar 2022 13:33:49 https://www.group-ib.com/blog/fake-delivery-scams-singapore/ https://www.group-ib.com/blog/assetzero/ Intelligence-Driven Attack Surface Management Tue, 15 Mar 2022 13:56:22 https://www.group-ib.com/blog/assetzero/ https://www.group-ib.com/blog/5-ransomware-tips/ With ransomware attacks on the rise, companies need to take a proactive approach to security. Group-IB has put together a list of actionable tips to help you protect your organization from the ransomware threats in 2022. Fri, 18 Feb 2022 11:59:04 https://www.group-ib.com/blog/5-ransomware-tips/ https://www.group-ib.com/blog/atmosphere/ Weak points in modern-day corporate email security Mon, 07 Feb 2022 13:37:50 https://www.group-ib.com/blog/atmosphere/ https://www.group-ib.com/blog/ml-in-investigations/ Cybersecurity analyst's guide on how to use machine learning to show cybercriminals' true colors Fri, 28 Jan 2022 13:42:08 https://www.group-ib.com/blog/ml-in-investigations/ https://www.group-ib.com/blog/log4shell/ Group-IB's recommendations to mitigate this vulnerability and protect your organization. Thu, 23 Dec 2021 14:01:16 https://www.group-ib.com/blog/log4shell/ https://www.group-ib.com/blog/tia-mitre/ Thu, 23 Dec 2021 13:51:31 https://www.group-ib.com/blog/tia-mitre/ https://www.group-ib.com/blog/target/ Behind the scenes of targeted scams Tue, 21 Dec 2021 14:05:05 https://www.group-ib.com/blog/target/ https://www.group-ib.com/blog/hive/ Deep dive into Hive RaaS, analysis of latest samples Thu, 09 Dec 2021 12:57:59 https://www.group-ib.com/blog/hive/ https://www.group-ib.com/blog/blackmatter2/ BlackMatter and their victims Wed, 03 Nov 2021 14:16:14 https://www.group-ib.com/blog/blackmatter2/ https://www.group-ib.com/blog/cannibal-carders-fake-shops/ Group-IB uncovers largest networks of fake shops – phishing websites disguised as card shops Thu, 28 Oct 2021 14:19:19 https://www.group-ib.com/blog/cannibal-carders-fake-shops/ https://www.group-ib.com/blog/middle-east-scam/ Scammers attack users in Middle Eastern countries Fri, 17 Sep 2021 14:30:10 https://www.group-ib.com/blog/middle-east-scam/ https://www.group-ib.com/blog/runlir/ Phishers take an approach to bypass security controls never seen in the country Thu, 16 Sep 2021 14:26:56 https://www.group-ib.com/blog/runlir/ https://www.group-ib.com/blog/tailored-threat-intel/ How we make Tailored Threat Intelligence Fri, 13 Aug 2021 14:33:02 https://www.group-ib.com/blog/tailored-threat-intel/ https://www.group-ib.com/blog/awc/ AWC joins illicit carding business by offering 1 Mln compromised cards for free Fri, 06 Aug 2021 14:36:52 https://www.group-ib.com/blog/awc/ https://www.group-ib.com/blog/blackmatter-ransomware/ The story behind the BlackMatter ransomware strain Fri, 06 Aug 2021 07:28:37 https://www.group-ib.com/blog/blackmatter-ransomware/ https://www.group-ib.com/blog/prometheus-tds/ The key to success for Campo Loader, Hancitor, IcedID, and QBot Thu, 05 Aug 2021 12:39:35 https://www.group-ib.com/blog/prometheus-tds/ https://www.group-ib.com/blog/task/ Chinese APTs attack Russia Tue, 03 Aug 2021 07:33:23 https://www.group-ib.com/blog/task/ https://www.group-ib.com/blog/gib-tia-db/ Dive into Breached DB section Thu, 29 Jul 2021 07:42:49 https://www.group-ib.com/blog/gib-tia-db/ https://www.group-ib.com/blog/fraud-family-nl/ Fraud-as-a-Service operation targeting Dutch residents Thu, 22 Jul 2021 07:45:28 https://www.group-ib.com/blog/fraud-family-nl/ https://www.group-ib.com/blog/grimagent/ The reversing tale of GrimAgent malware used by Ryuk Fri, 02 Jul 2021 07:51:15 https://www.group-ib.com/blog/grimagent/ https://www.group-ib.com/blog/revil-raas/ Deep Dive into Prolific RaaS Affiliates' TTPs Wed, 30 Jun 2021 08:05:56 https://www.group-ib.com/blog/revil-raas/ https://www.group-ib.com/blog/colunmtk-apt41/ APT41 likely behind a third-party attack on Air India Thu, 10 Jun 2021 09:26:10 https://www.group-ib.com/blog/colunmtk-apt41/ https://www.group-ib.com/blog/fontpack/ Attribution secrets: Who is behind stealing credentials and bank card data by asking to install fake Flash Player, browser or font updates? Thu, 03 Jun 2021 08:14:27 https://www.group-ib.com/blog/fontpack/ https://www.group-ib.com/blog/blackcat/ An analysis of the BlackCat ransomware affiliate program Fri, 14 May 2021 09:09:38 https://www.group-ib.com/blog/blackcat/ https://www.group-ib.com/blog/hancitor-cuba-ransomware/ Hancitor fuels Cuba Ransomware Operations Fri, 07 May 2021 08:17:59 https://www.group-ib.com/blog/hancitor-cuba-ransomware/ https://www.group-ib.com/blog/grelosgtm/ Group-IB specialists detected GrelosGTM group started to abuse Google Tag Manager legitimate functionality for their own purposes in infections of online shops. Thu, 06 May 2021 08:21:54 https://www.group-ib.com/blog/grelosgtm/ https://www.group-ib.com/blog/btc-changer/ Back in action with JS sniffers redesigned to steal crypto Wed, 14 Apr 2021 08:29:32 https://www.group-ib.com/blog/btc-changer/ https://www.group-ib.com/blog/phishing-kits/ Group-IB's Computer Emergency Response Team built a solid phishing kit database, which helps Group-IB fight phishing that targets specific brands. Mon, 12 Apr 2021 08:30:15 https://www.group-ib.com/blog/phishing-kits/ https://www.group-ib.com/blog/swarmshop/ The rise and fall of illicit cardshop breached twice in two years Thu, 08 Apr 2021 08:42:10 https://www.group-ib.com/blog/swarmshop/ https://www.group-ib.com/blog/rats-nigeria/ The analysis of phishing campaigns carried out by a new threat actor Mon, 05 Apr 2021 08:45:48 https://www.group-ib.com/blog/rats-nigeria/ https://www.group-ib.com/blog/bootkits/ Let's hunt some bootkits Wed, 17 Mar 2021 08:49:43 https://www.group-ib.com/blog/bootkits/ https://www.group-ib.com/blog/e1rb/ Analysis of the E1RB JS sniffer family Mon, 15 Mar 2021 08:52:50 https://www.group-ib.com/blog/e1rb/ https://www.group-ib.com/blog/classiscam/ A deep dive into Classiscam: automated scam as a service designed to steal money and payment data Mon, 01 Mar 2021 09:02:38 https://www.group-ib.com/blog/classiscam/ https://www.group-ib.com/blog/gitlab-jenkins-forensics/ Forensic examination of incidents involving source code leaks Tue, 26 Jan 2021 09:13:04 https://www.group-ib.com/blog/gitlab-jenkins-forensics/ https://www.group-ib.com/blog/ultrarank/ As part of UltraRank's new campaign, Group-IB Threat Intelligence team discovered 12 eCommerce websites infected with their JavaScript-sniffer. Wed, 23 Dec 2020 09:19:08 https://www.group-ib.com/blog/ultrarank/ https://www.group-ib.com/blog/fakesecurity-raccoon/ A story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer Mon, 07 Dec 2020 09:23:16 https://www.group-ib.com/blog/fakesecurity-raccoon/ https://www.group-ib.com/blog/egregor/ Analysis of TTPs employed by Egregor operators Fri, 20 Nov 2020 13:34:07 https://www.group-ib.com/blog/egregor/ https://www.group-ib.com/blog/oldgremlin/ Top Russian companies and banks under attack from OldGremlin - a group controlling TinyCryptor ransomware Sun, 01 Nov 2020 13:38:20 https://www.group-ib.com/blog/oldgremlin/ https://www.group-ib.com/blog/fhp/ Keeping user digital identity safe Sat, 10 Oct 2020 13:41:46 https://www.group-ib.com/blog/fhp/ https://www.group-ib.com/blog/prolock-evolution/ Dive in Recent ProLock's Big Game Hunting Thu, 10 Sep 2020 13:46:02 https://www.group-ib.com/blog/prolock-evolution/ https://www.group-ib.com/blog/shelf/ Top 11 books on digital forensics, incident response, and malware analysis Sun, 05 Jul 2020 13:51:07 https://www.group-ib.com/blog/shelf/ https://www.group-ib.com/blog/icedid/ When ice burns through bank accounts Fri, 29 May 2020 13:54:50 https://www.group-ib.com/blog/icedid/ https://www.group-ib.com/blog/prolock/ The success of enterprise ransomware attacks has motivated more and more threat actors to join the game. Thu, 14 May 2020 14:09:41 https://www.group-ib.com/blog/prolock/ https://www.group-ib.com/blog/perswaysion/ Playbook of Microsoft Document Sharing-Based Phishing Attack Thu, 30 Apr 2020 14:12:30 https://www.group-ib.com/blog/perswaysion/ https://www.group-ib.com/blog/featureusage/ Useful feature that can help forensic analysts and incident responders to reconstruct user activities. Tue, 28 Apr 2020 14:27:05 https://www.group-ib.com/blog/featureusage/ https://www.group-ib.com/blog/forensics-edge/ Explore the forensic perspective of the Microsoft Edge Chromium-based version and its features, such as msedge_proxy, edge cache location, and more. Thu, 20 Feb 2020 09:13:30 https://www.group-ib.com/blog/forensics-edge/ https://www.group-ib.com/blog/nextcloud/ Forensic artifacts, which can be found during forensic examination of a Windows endpoint. Fri, 17 Jan 2020 14:32:26 https://www.group-ib.com/blog/nextcloud/ https://www.group-ib.com/blog/cobaltphishing/ Cobalt Gang is alive and well, and continued to attack financial institutions around the globe in 2019. Fri, 20 Dec 2019 14:35:41 https://www.group-ib.com/blog/cobaltphishing/ https://www.group-ib.com/blog/hunting-for-ttps-with-prefetch-files/ Windows Prefetch files were introduced in Windows XP and since that time have helped digital forensics analysts and incident responders find evidence of execution. Wed, 11 Dec 2019 14:37:40 https://www.group-ib.com/blog/hunting-for-ttps-with-prefetch-files/ https://www.group-ib.com/blog/graph-network-analysis/ The story about Group-IB searching for graph analysis solution and creating its own unique instrument Mon, 18 Nov 2019 14:41:18 https://www.group-ib.com/blog/graph-network-analysis/ https://www.group-ib.com/blog/fakesecurity/ Group-IB specialists detected a new JS-sniffer family called FakeSecurity. Fri, 08 Nov 2019 14:52:40 https://www.group-ib.com/blog/fakesecurity/ https://www.group-ib.com/blog/whatsapp-forensic-artifacts/ All about WhatsApp forensics and the wealth of data extracted from a device through forensic analysis. Thu, 07 Nov 2019 12:14:04 https://www.group-ib.com/blog/whatsapp-forensic-artifacts/ https://www.group-ib.com/blog/fakeapt28/ Group-IB experts have detected a massive email campaign spreading similar ransom demands sent to banks and financial organizations across the word. Tue, 05 Nov 2019 14:43:51 https://www.group-ib.com/blog/fakeapt28/ https://www.group-ib.com/blog/windows10-timeline-for-forensics/ How Windows 10 Timeline Can Help Forensic Experts Fri, 04 Oct 2019 13:23:40 https://www.group-ib.com/blog/windows10-timeline-for-forensics/ https://www.group-ib.com/blog/troldesh/ Mon, 30 Sep 2019 14:46:13 https://www.group-ib.com/blog/troldesh/ https://www.group-ib.com/blog/digital-forensics-tools/ Igor Mikhailov gave his review of the best software and hardware solutions for computer forensics. Thu, 26 Sep 2019 09:56:39 https://www.group-ib.com/blog/digital-forensics-tools/ https://www.group-ib.com/blog/voice-kids-investigation/ Tue, 11 Jun 2019 13:36:33 https://www.group-ib.com/blog/voice-kids-investigation/ https://www.group-ib.com/blog/muddywater/ How the hacker group MuddyWater attacked a Turkish manufacturer of military electronics Wed, 29 May 2019 07:08:27 https://www.group-ib.com/blog/muddywater/ https://www.group-ib.com/blog/rtm/ Forensic examination of a computer infected with a banking trojan Wed, 08 May 2019 14:48:55 https://www.group-ib.com/blog/rtm/ https://www.group-ib.com/blog/coffemokko/ Group-IB researchers have discovered 38 families of JS-sniffers, whereas only 12 were known previously. Fri, 26 Apr 2019 14:58:46 https://www.group-ib.com/blog/coffemokko/ https://www.group-ib.com/blog/illum/ Group-IB researchers discovered Illum JS-sniffers family designed to steal payment data of customers of online stores. Thu, 25 Apr 2019 15:16:26 https://www.group-ib.com/blog/illum/ https://www.group-ib.com/blog/g-analytics/ Group-IB discovered that the stolen payment cards data is sold through an underground store specially created for this purpose. Fri, 19 Apr 2019 15:18:52 https://www.group-ib.com/blog/g-analytics/ https://www.group-ib.com/blog/reactget/ ReactGet is one of the most interesting families of JS-sniffers, designed to steal banking cards data from online stores. Tue, 09 Apr 2019 15:22:28 https://www.group-ib.com/blog/reactget/ https://www.group-ib.com/blog/gustuff/ Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, a number of cryptocurrency and marketplace applications Thu, 04 Apr 2019 15:25:41 https://www.group-ib.com/blog/gustuff/ https://www.group-ib.com/blog/torrents/ Currently, a total of 80% of pirated films and almost 90% of TV series are being watched online Tue, 05 Feb 2019 13:28:56 https://www.group-ib.com/blog/torrents/ https://www.group-ib.com/blog/silence/ Group-IB has exposed the attacks committed by Silence cybercriminal group. Wed, 05 Sep 2018 11:51:50 https://www.group-ib.com/blog/silence/ https://www.group-ib.com/blog/renaissance/ New attacks and joint operations Tue, 29 May 2018 11:56:52 https://www.group-ib.com/blog/renaissance/ https://www.group-ib.com/blog/moneytaker/ Group-IB has uncovered a hacker group attacking banks in the USA and Russia Mon, 11 Dec 2017 12:12:33 https://www.group-ib.com/blog/moneytaker/ https://www.group-ib.com/blog/antivirus/ Mon, 27 Nov 2017 08:39:32 https://www.group-ib.com/blog/antivirus/ https://www.group-ib.com/blog/hype/ How faudsters cash in on hype around new iPhones Thu, 02 Nov 2017 13:04:07 https://www.group-ib.com/blog/hype/ https://www.group-ib.com/blog/reportbadrabbit/ Research revealed that the BadRabbit code was compiled from NotPetya sources. Thu, 26 Oct 2017 12:15:33 https://www.group-ib.com/blog/reportbadrabbit/ https://www.group-ib.com/blog/badrabbit/ There is a connection between BadRabbit and Not Petya Tue, 24 Oct 2017 12:22:35 https://www.group-ib.com/blog/badrabbit/ https://www.group-ib.com/blog/black-label/ Russia has developed a strong legal framework to combat online piracy. All that is needed is for it to be used effectively (especially for Forbes.ru) Thu, 19 Oct 2017 13:13:01 https://www.group-ib.com/blog/black-label/ https://www.group-ib.com/blog/avia/ Top global airline companies have been compromised by fraudsters for the second time during the last six months. Tue, 26 Sep 2017 13:20:39 https://www.group-ib.com/blog/avia/ https://www.group-ib.com/blog/cobalt/ How Cobalt hackers bypass your defenses Tue, 15 Aug 2017 12:25:00 https://www.group-ib.com/blog/cobalt/ https://www.group-ib.com/blog/venture/ On the price of hacker attacks and the toxic cyber environment Thu, 10 Aug 2017 13:36:47 https://www.group-ib.com/blog/venture/ https://www.group-ib.com/blog/kronos/ The man who "saved the world" from the WannaCry outbreak has been arrested on suspicion of being the author of Kronos banking Trojan Fri, 04 Aug 2017 13:34:07 https://www.group-ib.com/blog/kronos/ https://www.group-ib.com/blog/uicf/ Group-IB reveals the identity of alleged members of the Islamic hacker group United Islamic Cyber Force Wed, 02 Aug 2017 12:29:17 https://www.group-ib.com/blog/uicf/ https://www.group-ib.com/blog/polygon/ Russia as a testing ground Mon, 24 Jul 2017 13:40:11 https://www.group-ib.com/blog/polygon/ https://www.group-ib.com/blog/petya/ Group-IB has identified the ransomware that has infected energy, telecommunications and financial companies Tue, 27 Jun 2017 12:32:23 https://www.group-ib.com/blog/petya/ https://www.group-ib.com/blog/fake/ Top global airline companies have been compromised through fake links distributed by "friends" on Facebook Mon, 05 Jun 2017 13:24:11 https://www.group-ib.com/blog/fake/ https://www.group-ib.com/blog/lazarus/ Group-IB reveals the unknown details of attacks from one of the most notorious APT groups: sophisticated espionage and APT techniques of the North Korean state-sponsored hackers Tue, 30 May 2017 12:51:19 https://www.group-ib.com/blog/lazarus/ https://www.group-ib.com/blog/echoes/ Why WannaCry was more dangerous than other ransomware? Thu, 11 May 2017 13:43:43 https://www.group-ib.com/blog/echoes/ https://www.group-ib.com/blog/hurricane/ Why cyberattacks may be soon at the top of the World rating of threats (Ilya Sachkov for RBC) Mon, 23 Jan 2017 12:06:40 https://www.group-ib.com/blog/hurricane/ https://www.group-ib.com/blog/cron/ Group-IB supports operations to arrest gang for infecting 1 million smartphones Wed, 13 Jan 2016 12:55:31 https://www.group-ib.com/blog/cron/