Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

MoneyTaker: Revealed After 1.5 Years of Silent Operations
← Research Hub

MoneyTaker: Revealed After 1.5 Years of Silent Operations

Explore how this group managed to hide their traces while conducting 20+ attacks on banks and financial services companies in the USA, UK and Russia.
View report

Discover in the report:

Unique techniques to enter the network

TTPs and analysis of cybercriminal infrastructure

Predictions on new targets

Indicators of Compromise to monitor your network

MoneyTaker uses publicly available tools, which makes the attribution and investigation process a non-trivial exercise. In addition, incidents occur in different regions worldwide and at least one of the US Banks targeted had documents successfully exfiltrated from their networks, twice. Group‑IB specialists expect new thefts in the near future and in order to reduce this risk, Group-IB would like to contribute our report identifying hacker tools, techniques as well as indicators of compromise we attribute to MoneyTaker operations.
Dmitry Volkov
Dmitry Volkov
Chief Executive Officer

Advanced protection against cyber threats

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Threat Intelligence
Threat Intelligence
Fraud Protection
Fraud Protection
Managed XDR
Managed XDR
Digital Risk Protection
Digital Risk Protection

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

Hacktivist at War: The Cambodia-Thailand Cyber Escalation July-August 2025
New
Threat Research
Hacktivist at War: The Cambodia-Thailand Cyber Escalation July-August 2025
Hacktivist cyber attacks often rise in parallel when conflict between nations arise. Understand the common...
Learn more
W3LL done: uncovering hidden phishing ecosystem driving BEC attacks
Threat Research
W3LL done: uncovering hidden phishing ecosystem driving BEC attacks
Access untapped details into the scope and sophistication of the W3LL’s BEC-focused criminal enterprise
Learn more
Old Snake, New Skin: Analysis of SideWinder APT activity in 2021
Threat Research
Old Snake, New Skin: Analysis of SideWinder APT activity in 2021
Group-IB Threat Intelligence team uncovered a previously undocumented spear phishing campaign carried out by APT...
Learn moreDownload report
Uncovering the Attack Surface
Threat Research
Uncovering the Attack Surface
An analysis of attack surface risks for a sample of major financial services providers in...
Learn more
OPERA1ER: Playing God Without Permission
Threat Research
OPERA1ER: Playing God Without Permission
The group relied solely on known “off-the-shelf” tools to steal millions from financial service and...
Learn moreDownload report
OldGremlin Ransomware: Never Ever Feed Them after The Locknight
Threat Research
OldGremlin Ransomware: Never Ever Feed Them after The Locknight
The case of OldGremlin illustrates how the ransomware industry has evolved in recent years. In...
Learn moreDownload report
Demystifying Classiscam
Threat Research
Demystifying Classiscam
Deep dive into where the scheme started, how it works and evolves. Learn more about...
Learn moreDownload report