Computer Emergency Response Team

A front-edge vigilance team
that is always on guard

Meet Group-IB’s leading security specialists who work 24/7/365 to pin down unforeseen cyber threats and strengthen your defenses

Lightning fast service, expertise,
and technological excellence

Zero tolerance to cybercrime
CERT-GIB’s modus operandi
Acting proactively


CERT-GIB is a member of leading associations:

Group-IB CERT award
Group-IB CERT APWG award
Group-IB CERT trusted introducer
Group-IB CERT oic
Group-IB CERT apcert
4 regions with 100+ experts: Asia, Europe, Middle East, Africa
70,000+ hours of incident response
Quick global takedown services
Cooperation with domain registrars, hosting providers and other CERT teams from 150+ countries
Extensive security network on account of working
Leading investigation capabilities to detect threat
24/7 incident response and takedown of dangerous websites in 2500+ domain zones
Authorized to block malware distribution websites
Real-time managed detection and response services

Zero tolerance
to cybercrime

Being the first responders in the face of evolving challenges, CERT-GIB helps organizations stay resilient through advanced and continuous threat triage
CERT-GIB advantage

As threat actors become more sophisticated, companies struggle to be fully aware of the potential threats to their sustainability

CERT-GIB advantage

CERT was established as a centralized function in Group-IB to empower businesses with round-the-clock infrastructure security and protection

CERT-GIB advantage

CERT’s coordinated efforts help monitor, track, and defuse cyberattacks before they affect a business's operability

modus operandi

Discover the sequence of steps describing how CERT-GIB usually functions but take into account that this list is not an exhaustive one.
Group-IB protects brands from phishing attacks and scams
Using our world-class our proprietary Group-IB Threat intelligence
We provide managed detection and response services using our MXDR
Takedowns on information submissions about phishing, scams, and malware websites
Our company collects, analyzes and stores digital evidence
CERT-GIB shares information with security vendors, browser companies etc.

Stopping cybercrime
before it starts

CERT has proven to be a deterrent for emerging digital cyber threats over the years thanks to:
CERT Group-IB Global cooperation

Global cooperation with law enforcement, international CERTs, SOC partners etc.

CERT Group-IB Intelligence-driven unit

Intelligence-driven unit supporting Group-IB's endeavor of maximum resilience

CERT Group-IB expertise in APTs

In-depth expertise in APTs

Read about →
CERT Group-IB industry-leading reports

View our industry-leading reports

Research Hub →

Have CERT on standby and leave
no room for compromise

Relevant technologies

Group-IB disposes of a wide range of patented technologies. These are the ones that contribute to the CERT-GIB's exceptional reactivity and analysis:

Graph Analysis

Comprehensible graph visualization of connections between users and devices

Takedown System

Our takedown service is continuous and the fastest, the number of takedowns is unlimited (no extra billing)

Business Email Security

Email-borne attacks are a serious risk to your business. Ensure the security of your corporate email to maintain the integrity of operations

Learn more

Network Protection

Protect your network from unwarranted intrusions, that can potentially lead to data breaches, unauthorized access, and other security threats

Learn more

Additional resources


CERT-GIB's professionals have much knowledge to share. We regularly publish interesting use cases in the blog. Just follow

Learn more →

Don't hesitate to share our newsroom. There we share the latest news, corporate and product updates, and reveal the trending stories

Learn more →

Join the forces fighting cybercrime


What is CERT?


CERT-GIB is a round-the-clock emergency response team that performs threat monitoring, helps contain threats, and brings trusted incident responders, forensic analysts, and investigation experts on the scene if needed, thereby eliminating costly delays.

How can I subscribe to your services?


We’re available round-the-clock to discuss your needs. You can write to us at or call +65 3159-4398 to subscribe to our services. If you’re suspecting a breach or experiencing one, report an incident here.

How fast can you block phishing attempts, scams, or malware on a website?


The average takedown time is less than 24 hours. However, in some domain zones, the value can be 8 hours or less.

I found malware on my website. Can you help?


You can reach out to the CERT for recommendations on how to eliminate malicious code or to request an investigation into the nature and source of the hacking.

I received a complaint from you. What should I do to avoid this in the future?


If you are an administrator or owner of a web resource and have received a complaint from us, then your website could have been hacked and could be used for malicious purposes.

Your first response should be to eliminate the consequences of the hack and to take measures to minimize the likelihood of the incident occurring in the future. Follow our recommendations on how to remedy the situation, which can be found in the same email.

Do you provide SLAs?


SLAs depend on the type of services provided. As part of Managed Detection services, CERT-GIB offers round-the-clock monitoring and analysis of security events, regular notifications on important events through Managed XDR services in less than an hour, along with the monitoring of requests from clients.

As for the anti-phishing service, CERT-GIB ensures that the malicious resource is blocked in less than 24 hours, regardless of the location of the website.

What is the difference between CERT and SOC?


Typically, SOC is an internal or outsourced team that monitors and responds to threats such as malware host infections and anomalies in the local networks. CERT-GIB, however, provides both internal threat monitoring (Managed Services) and response to threats outside the clients’ infrastructure (external threats), such as phishing resources, scam campaigns, leaks, and malware resources hosted on public servers.

The analysis of both types of threats allows CERT-GIB to act more efficiently than a traditional SOC.

How do international partnerships help CERT-GIB?


Partnerships with international communities such as FIRST, Trusted Introducer, OIC-CERT, and APWG coalition, and cooperation with other CERT/CSIRT allow the exchange of best practices and methods for detecting and combating modern cyber threats. In view of the cross-border nature of cybercrime, we often turn to our partners for assistance in their territorial area of responsibility. Such interactions allow us to quickly obtain unique data and neutralize the cyber threat.

My company does not have a 24/7 monitoring department, how can you help?


Our CERT-GIB provides round-the-clock monitoring, detection, and real-time response.
As part of our Managed XDR service, CERT-GIB will provide instant response to both known and unknown threats in your IT infrastructure, host isolation, forensic data collection, file quarantine, and much more.

We help organizations maximize their defense capabilities and reduce the burden of having to build/maintain their continuous cybersecurity monitoring team.

How do you use Threat Intelligence?


Threat actors are becoming more sophisticated and adopting new TTPs, forcing security personnel to scramble, in order to keep up.

Working with advanced Cyber Threat Intelligence data enables CERT-GIB to pre-emptively detect and stop sophisticated attacks inside the customers’ infrastructure, promptly notify your team, and provide the most effective recommendations to mitigate them.