Group-IB's TOP 20 Investigations

Operations that turn into inspiring sagas in the fight against cybercrime

Discover Group-IB's global cybercrime investigations, where our experts work closely with law enforcement to identify and disrupt the forces behind cybercrime, making the cyber world a safer place for everyone.

Investigation Stories

Operation Kaerb: The Takedown of iServer Phishing-as-a-Service Platform
Phishing

Group-IB supported “Operation Kaerb,” an international law enforcement effort led by Europol and Ameripol, targeting the iServer phishing-as-a-service platform. Active for over five years, iServer enabled mobile phishing attacks on 1.2 million devices and claimed 483,000 victims globally. Law enforcement arrested 17 suspects across six countries, including the platform’s administrator.

The ALTDOS Takedown Operation: The arrest of a global data leak mastermind
Phishing

Group-IB contributed to the ALTDOS takedown, a collaborative effort involving the Royal Thai Police and Singapore Police Force, which led to the apprehension of a prolific cybercriminal responsible for over 90 global data breaches. Active since 2020, the threat actor, operating under aliases such as ALTDOS, DESORDEN, GHOSTR, and 0mid16B, targeted government agencies and companies across the Asia-Pacific region, the UK, the US, and the Middle East.

Operation Nervone: The takedown of OPERA1ER
BEC
Malware
Phishing

Group-IB played a pivotal role in Operation Nervone, a multinational law enforcement effort led by INTERPOL and AFRIPOL, among others, to dismantle OPERA1ER, a cybercriminal syndicate behind a series of financial fraud schemes. Active between 2018 and 2022, the French-speaking collective orchestrated more than 30 attacks targeting banks, financial services, and telecom companies, exploiting vulnerabilities in digital banking and payment systems.

Reich 5 Android malware gang nabbed
Android Trojans

Group-IB helped to dismantle a hacker group that infected over 340,000 Android devices to steal money from bank accounts. The criminals spread malware through SMS messages with links to a fake Adobe Flash Player download. They named their malware "Reich 5" and used Nazi symbols in their control panel. With Group-IB’s support, five suspects were de-anonymized and arrested.

Operation Delilah
BEC
Malware
Phishing

Operation Delilah was the third in a series of operations supported by Group-IB, which provided intelligence on the threat actor’s network, movements, use of malware strains, and target information. The operation ultimately took down the BEC gang leader who victimized thousands.

Operation NightFury
JS-sniffers

Unravel a remarkable transnational operation in which global law enforcement and cybersecurity service providers, including Group-IB, dismantled the GetBilling JS-sniffer group, which stole sensitive payment data from 200+ e-commerce websites across multiple countries.

Falcon: Operation in two acts
BEC
Phishing

Group-IB supported two INTERPOL-led operations, called Falcon I and Falcon II, to stop a business email compromise (BEC) cybercrime gang from Nigeria, which we named TMT. The cross-border anti-cybercrime effort, which involved INTERPOL’s Cybercrime Directorate, Nigerian Police Force, Group-IB’s Investigations Team and other partners, resulted in the arrest of key gang members and in a significant decrease in the group’s activity.

Operation Distanthill
Malware
Android Trojans
Scam

Group-IB took part in Operation DISTANTHILL, which led to the arrest of 16 cybercriminals involved in large-scale Android RAT campaigns across Southeast Asia.

Carberp gang knocked down
Botnet
Malware

Exposing the million-dollar hacking group behind large-scale attacks on payment systems.

Investigating in tip-top fashion: TipTop group identified and arrested
Android Trojans

Group-IB helped the police take down the largest mobile malware gang in Russia, which had infected more than 800,000 Android smartphones.

No-Vax Free: Exposing the real faces behind the fake Green Pass
Scam

Group-IB helped to expose the cybercriminal gang that offered fake Green Passes, targeting Italian victims.

Cron: Overthrown titan
Android Trojans

Group-IB helped law enforcement to identify and arrest a notorious gang that compromised more than one million devices with Android malware. The timely arrest helped dismantle a giant botnet and stopped the threat actors from expanding their operations worldwide.

Paunch & The BlackHole Exploit Kit Case
Malware

Group-IB supported the police in identifying and taking down a malware kingpin who once dominated the exploit kit sales market, with over 40% of infections attributed to his tools, the BlackHole and Cool exploit kits. Learn how our investigations revealed Paunch's exploit kits, infrastructure, partners, and clients, completely sabotaging his malicious operations.

Twin brothers in crime
Phishing

Group-IB partnered with law enforcement to bring a phishing gang to justice for the first time in Russia. The operation marked a new chapter in the history of cybercrime investigations and eventually led to changes in legislation and tougher sanctions for other cybercriminal groups.

Operation Lyrebird
Phishing

Group-IB supported INTERPOL in an operation codenamed Lyrebird to disrupt a prolific cybercriminal’s activities. This effort led to the identification and apprehension of the threat actor responsible for multiple attacks on French telecommunications companies, major banks, and MNCs.

The Fraud Family Case
Phishing

Group-IB partnered with the Dutch National Police to uncover critical details about the Fraud Family criminal syndicate and its Fraud-as-a-Service (FaaS) operations. This breakthrough led to the dismantling of their operations and the prosecution of the perpetrators.

Phishing Store Shutdown
Phishing
Scam

Group-IB made a significant contribution to an international crime-fighting operation involving INTERPOL and national law enforcement agencies from Indonesia, Japan and the United States that targeted the notorious ‘phishing-as-a-service’ (PaaS) platform 16shop.

Operation Dragon Eye
Botnet

Group-IB played a crucial role in identifying the individual behind the Dragon botnet, which was responsible for relentless distributed denial-of-service (DDoS) attacks on prominent organizations, including those in the industrial and financial sectors.

Operation Dating Disaster
Botnet
DDoS

Group-IB played a major role in identifying members of CybSec Group, which was engaged in extortion and DDoS attacks on international companies, including the international online dating service AnastasiaDate.
