Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

META Intelligence Insights Report, May 2025. Cutting-edge Threat Intelligence for the META Region and Beyond
← Research Hub

META Intelligence Insights Report, May 2025. Cutting-edge Threat Intelligence for the META Region and Beyond

Stay ahead of the evolving cyber threat landscape with Group-IB's latest Intelligence Insights Report – May 2025. This edition delivers exclusive intelligence on the most critical incidents, campaigns, and threat actors impacting the globe—with a special focus on the Middle East, Türkiye, and Africa (META).

What’s Inside

Global Cybercrime Trends

Insurance Trap in ColombiaInsurance Trap in Colombia

Over 100 cloned car-insurance websites exploited open data and sleek UX to trick users into giving away banking credentials—highlighting how public infrastructure can be weaponized for fraud.

Ransomware DebrisRansomware Debris

Group-IB dissects the rise and mysterious disappearance of RansomHub, an offshoot of Knight/Cyclops, which lured ex-LockBit and ALPHV affiliates with a 90/10 profit share—only to vanish by April 1, 2025. Many of its operators have now reportedly joined Qilin.

Defending Against UNC3944 (Defending Against UNC3944 ("Scattered Spider")

Google/Mandiant’s latest threat hardening tips offer a 5-step guide to counter SIM-swapping and ransomware threats—focusing on device health, phishing-proof MFA, and attack detection.

Regional Focus: META

DarkBlinders APT Emerges in IraqDarkBlinders APT Emerges in Iraq

Group-IB identified DarkBlinders, a new suspected nation-state APT using SHELBY malware. The campaign, uncovered via VirusTotal submissions from Iraq, shows a sophisticated threat with geopolitical undertones.

Download the Full Report

Get exclusive access to detailed analysis, statistics, and expert recommendations.

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

Intelligence Insights Report, September 2025
New
Trend Report
Intelligence Insights Report, September 2025
Explore the most notable cybersecurity events in the region and the best practices
Learn more
Intelligence Insights Report, August 2025
Trend Report
Intelligence Insights Report, August 2025
Explore the most notable cybersecurity events in the region and the best practices
Learn more
Intelligence Insights Report, July 2025
Trend Report
Intelligence Insights Report, July 2025
Explore the most notable cybersecurity events in the region and the best practices
Learn more