Group-IB Blog

Exponentiate your
cybersecurity expertise

Join the Cybercrime Fighters Club

The global fight against cybercrime is a collaborative effort, and that’s why we’re looking to partner with industry peers to research emerging threats and publish joint findings on our blog. If you’ve discovered a breakthrough into a particular threat actor or a vulnerability in a piece of software, let us know!

Fraud Protection · May 20, 2024
GDPR: A shield for consumers, a shackle for fraud fighters?
Does the GDPR, designed to protect customer data, unintentionally create opportunities for cybercriminals to exploit it?
Julien Laurent
Fraud Protection · May 6, 2024
Generative AI: Raising the stakes for fraud in online gambling
Fraudsters see potential in generative AI to defraud the gambling industry. Here’s how.
Threat Intelligence · April 18, 2024
Phishy Business: Unraveling LabHost’s scam ecosystem
Group-IB takes part in a global operation to cripple Canadian Phishing-as-a-Service provider LabHost
Alexander Sychev
Hunting Rituals · March 29, 2024
Hunting Rituals #4: Threat hunting for execution via Windows Management Instrumentation
Actionable insights on hunting for Windows Management Instrumentation (WMI) execution abuse
Roman Rezvukhin
Malware Analysis · March 15, 2024
They’re watching us: How to detect Pegasus and other spyware on your iOS device?
How do Pegasus and other spyware work discreetly to access everything on your iOS device?
Sergey Nikitin
Cyber Investigations · February 21, 2024
Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses
Group-IB discovers new information stealer targeting Vietnam with rare functionality to filter out Facebook accounts with advertising credits
Hai Ha Phan
Vesta Matveeva
Malware Analysis · February 15, 2024
Face Off: Group-IB identifies first iOS trojan stealing facial recognition data
Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows
Andrey Polovinkin
Sharmine Low
Threat Intelligence · February 6, 2024
Dead-end job: ResumeLooters infect websites in APAC through SQL injection and XSS attacks
ResumeLooters gang infects websites with XSS scripts and SQL injections to vacuum up job seekers' personal data and CVs
Nikita Rostovcev
Cyber Investigations · January 16, 2024
Burnout: Inferno Drainer’s multimillion-dollar scam scheme detailed
Inferno Drainer may have shut down in November 2023, but users of the devastating scam-as-a-service platform still pose a risk as they look for other avenues.
Viacheslav Shevchenko
Hunting Rituals · December 29, 2023
Hunting Rituals #3: Threat hunting for scheduled tasks
Actionable guide to hunting for scheduled tasks by using Group-IB MXDR
Roman Rezvukhin
Technologies · December 27, 2023
The future is now: Watch out for these 20 trends that will change the course of cybersecurity (Part 2)
Cybersecurity is changing, and changing fast. Learn how Group-IB can help you lead the change instead of being carried by it.
Dmitry Volkov
Technologies · December 20, 2023
The future is now: Watch out for these 20 trends that will change the course of cybersecurity (Part 1)
Cybersecurity is changing, and changing fast. Learn how Group-IB can help you lead the change instead of being carried by it.
Dmitry Volkov
Technologies · December 15, 2023
You versus adversaries: How to become unbeatable in 20 cybersecurity moves (Part 2)
Cybersecurity essentials that ensure your business stays undisrupted in the upcoming year.
Threat Intelligence · December 14, 2023
Ace in the Hole: exposing GambleForce, an SQL injection gang
Analysis of TTPs tied to GambleForce, which carried out SQL injection attacks against companies in the APAC region
Nikita Rostovcev
Technologies · December 8, 2023
You versus adversaries: How to become unbeatable in 20 cybersecurity moves (Part 1)
Cybersecurity essentials that will ensure your business stays undisrupted in the upcoming year.
Malware Analysis · December 7, 2023
Curse of the Krasue: New Linux Remote Access Trojan targets Thailand
This piece of malware has an insatiable appetite. Group-IB's Threat Intelligence unit offers their insights on the new RAT used in attacks against Thai companies.
Sharmine Low
Hunting Rituals · November 22, 2023
Hunting Rituals #2.2: Threat hunting for abuse of Windows Services
Actionable guide to hunting for Windows Services abuse by using Group-IB MXDR.
Part 2: Execution of Windows Services
Roman Rezvukhin
Threat Intelligence · November 8, 2023
Ransomware manager: Investigation into farnetwork, a threat actor linked to five strains of ransomware
Take a deep dive into the operations of one of the most active players in the Ransomware-as-a-Service market.
Nikolay Kichatov
Digital Forensics & Incident Response · October 24, 2023
The untold story of incident response: Insider’s Gambit
Get a close look at details of the most notable cases faced by Group-IB’s Digital Forensics and Incident Response (DFIR) team
Threat Intelligence · October 17, 2023
Analyzing cyber activity surrounding the conflict in the Middle East
Hacktivists take center stage with DDoS, defacement attacks – summary of Week 1 and 2 of the conflict.
The blog was updated on Oct. 24, 2023.
Digital Forensics & Incident Response · October 16, 2023
The untold story of incident response: A Christmas Miracle
Twas the night before Christmas, when out came the cry, a cyberattack is happening, so stop them, won’t you try?
Artem Artemov
Fraud Protection · October 5, 2023
Let’s dig deeper: dissecting the new Android Trojan GoldDigger with Group-IB Fraud Matrix
Delve into the tactics of the GoldDigger Trojan and discover ways to safeguard your customers
Threat Intelligence · September 26, 2023
Dusting for fingerprints: ShadowSyndicate, a new RaaS player?
No sleep until the Cybercrime Fighters Club is done with finding the answer as to who is behind this new ransomware-as-a-service affiliate.
Eline Switzer
Joshua Penny
Michael Koczwara
Threat Landscape Overview · September 22, 2023
It’s a trap: Detecting a cryptominer on a popular website using Group-IB MXDR
Group-IB analysts discovered and analyzed a cryptojacking campaign on a popular educational resource using Group-IB Managed XDR.
Hunting Rituals · September 20, 2023
Hunting Rituals #2: Threat hunting for abuse of Windows Services
Actionable guide to hunting for Windows Services abuse by using Group-IB MXDR.
Part 1: Creation/modification of Windows Services
Roman Rezvukhin
Digital Forensics & Incident Response · September 18, 2023
Incident Response through an opportunity lens: In conversation with Dmitry Volkov (CEO, Group-IB)
Gather valuable insights on how incident response can be a make-or-break factor in securing your business.
Dmitry Volkov
Scam & Phishing · September 7, 2023
From Rags to Riches: The illusion of quick wealth in investment scams
Group-IB Digital Risk Protection uncovers malicious campaign leveraging almost 900 scam pages with potential financial damage estimated at $280,000 over four-month span
Olga Ulchenko
Anton Varygin
Fraud Protection · September 5, 2023
Stealing the extra mile: How fraudsters target global airlines in air miles and customer service scams
Uncover the vulnerabilities crippling the airline industry and learn how to implement appropriate countermeasures
Dmitry Pisarev
Gleb Malkov
Scam & Phishing · August 31, 2023
New hierarchy, heightened threat: Classiscam’s sustained global campaign
The automated scam-as-a-service program designed to steal your money and data is still going strong four years after launch
Threat Intelligence · August 23, 2023
Traders’ dollars in danger: CVE-2023-38831 zero-day vulnerability in WinRAR exploited by cybercriminals to target traders
Spoof extensions help cybercriminals target users on trading forums as 130 devices still infected at time of writing
Andrey Polovinkin
Hunting Rituals · August 17, 2023
Hunting Rituals #1: Threat hunting for DLL side-loading
Actionable guide to hunting for the DLL side-loading threat by using Group-IB MXDR.
Roman Rezvukhin
Fraud Protection · August 14, 2023
Breaking down Gigabud banking malware with Group-IB Fraud Matrix
Uncover the disruptive nature of Gigabud malware and take proactive measures to mitigate the associated risks
Pavel Naumov
Artem Grischenko
Threat Landscape Overview · August 4, 2023
Threat Intelligence · August 3, 2023
Demystifying Mysterious Team Bangladesh
Analysis of a highly active hacktivist group with global reach
John Doe
Threat Landscape Overview · July 10, 2023
Clouded Judgment: how mismanaged cloud infrastructure can expose users to cyber risks
Discover how organizations unwittingly create vulnerabilities by misconfiguring their cloud infrastructure
Zakhar Kornyakov
Cyber Investigations · June 15, 2023
Busting CryptosLabs: a scam ring targeting French speakers for millions
Get all the undisclosed details that our investigators uncovered on CryptosLabs' full scope of fraudulent schemes
Anton Ushakov
Threat Landscape Overview · June 2, 2023
Operation Triangulation: Mapping the threat
What we know about the APT campaign to date and how to detect it
Advanced Persistent Threats · May 31, 2023
Dark Pink. Episode 2
APT Dark Pink is back with 5 victims in new countries.
Andrey Polovinkin
Threat Landscape Overview · May 30, 2023
Bridging the gap: How to leverage API security best practices to combat top 3 vulnerability types
Security misconfiguration, excessive data exposure, and injections are the top three API vulnerability types for financial and tech firms
Konstantin Damotsev
Advanced Persistent Threats · May 17, 2023
The distinctive rattle of APT SideWinder
Bridewell and Group-IB expose the APT’s unknown infrastructure
Nikita Rostovcev
Joshua Penny
Yashraj Solanki
Ransomware · May 15, 2023
You’ve been kept in the dark (web): exposing Qilin’s RaaS program
All you need to know about Qilin ransomware and its operations targeting critical sectors.
Nikolay Kichatov
Technologies · May 2, 2023
Managed upgrades. Enhance malware analysis efficiency with Group-IB Malware Detonation Platform updates
New and modified malware detonation capabilities in Group-IB’s Managed XDR and Business Email Protection solutions for precise threat detection and analysis
Scam & Phishing · April 25, 2023
Tech (non)support: Scammers pose as Meta in Facebook account grab ploy
Group-IB Digital Risk Protection discovers more than 3,200 fake Facebook profiles in ongoing phishing campaign that sees scammers impersonate Meta support staff
Sharef Hlal
Karam Chatra
Cyber Investigations · April 21, 2023
Investigation into PostalFurious: a Chinese-speaking phishing gang targeting Singapore and Australia
How to investigate phishing campaigns
Jennifer Soh
Kristina Ivanova
Threat Intelligence · April 18, 2023
SimpleHarm: Tracking MuddyWater’s infrastructure
Group-IB analysts discovered the new MuddyWater infrastructure while researching the pro-state group’s use of the legitimate SimpleHelp tool.
Nikita Rostovcev
Ransomware · April 4, 2023
The old way: BabLock, new ransomware quietly cruising around Europe, Middle East, and Asia
Group-IB uncovers a new stealthy ransomware strain
Andrey Zhdanov
Vladislav Azersky
Threat Landscape Overview · March 31, 2023
36gate: supply chain attack
What is known about the 3CX supply chain incident and how to defend against it?
Ivan Pisarev
Victor Belov
Scam & Phishing · March 21, 2023
Venomous vacancies: Job seekers across MEA hit by sting in scammers’ tail
Group-IB uncovers more than 2,400 scam job pages in ongoing campaign targeting users in Egypt, KSA, Algeria, and 10 other MEA countries.
Sharef Hlal
Olga Ulchenko
Threat Landscape Overview · March 17, 2023
Bleak outlook: Mitigating CVE-2023-23397
Microsoft Outlook Elevation of Privilege Vulnerability
Fraud Protection · February 20, 2023
Bad behaviour: How to detect banking malware
Mobile banking users are being manipulated by attackers to authorize fraudulent transactions. Learn what financial service providers can do to render these organized crimes powerless.
Ransomware · February 17, 2023
Package deal: Malware bundles causing disruption and damage across EMEA
What happens when you combine ransomware with information stealers, remote access Trojans, and other malware in one easy-to-download package?
Svetlana Ostrovskaya
Andrey Zhdanov
Advanced Persistent Threats · February 13, 2023
Nice Try Tonto Team
How a nation-state APT attempted to attack Group-IB
Anastasia Tikhonova
Dmitry Kupin
Threat Landscape Overview · February 10, 2023
Know Thy Enemy: unraveling the “Hi-Tech Crime Trends 2022/2023” report
Which cybercrimes will dominate the threat landscape for 2023 and beyond? Find out!
Jasmine Kharbanda
Advanced Persistent Threats · January 11, 2023
Dark Pink
New APT hitting Asia-Pacific, Europe that goes deeper and darker
Andrey Polovinkin
Malware Analysis · December 21, 2022
Godfather Trojan – mobile banking malware that is impossible to refuse
Group-IB discovers banking Trojan targeting users of more than 400 apps in 16 countries
Artem Grischenko
Scam & Phishing · December 16, 2022
Scam-free Christmas
8 online scams to protect your customers from
Fraud Protection · November 28, 2022
Group-IB’s Fraud Intelligence
How can you find mule accounts lurking in your digital payments?
Dmitry Pisarev
Julien Laurent
Scam & Phishing · November 9, 2022
Hired hand: Scammers mimic Saudi manpower provider
Group-IB uncovers one thousand (and one) fake domains that are part of a scam campaign targeting users in KSA
Mark Alpatsky
Sharef Hlal
Threat Intelligence · November 3, 2022
Armed and dangerous: an unquenchable thirst for money. The OPERA1ER APT in Africa
In 2019, Group-IB's Threat Intelligence team detected a series of attacks targeting financial organizations in Africa.
Rustam Mirkasymov
Threat Intelligence · November 3, 2022
Financially motivated, dangerously activated: OPERA1ER APT in Africa
The French-speaking gang managed to carry out over 30 successful attacks on banks, financial services and telecommunications companies, mainly located in Africa.
Rustam Mirkasymov
Threat Intelligence · October 24, 2022
Treasure trove. Alive and well point-of-sale malware
Analysis of months-long MajikPOS and Treasure Hunter campaign that infected dozens of terminals
Nikolay Shelekhov
Said Khamchiev
Ransomware · October 19, 2022
DeadBolt ransomware: nothing but NASty
The Group-IB Incident Response Team investigated an incident related to a DeadBolt attack and analyzed a DeadBolt ransomware sample
Andrey Zhdanov
Vladislav Azersky
Scam & Phishing · October 17, 2022
Scam is rising
With well-set digital marketing campaigns and professional call-centres
Technologies · September 28, 2022
Take control of your shadow IT
How Group-IB Attack Surface Management ensures full mastery of your external attack surface
Scam & Phishing · September 13, 2022
Letting off steam
Hackers use the browser-in-the-browser technique to steal Steam accounts
Ivan Lebedev
Dmitry Eroshev
Threat Intelligence · August 25, 2022
Roasting 0ktapus: The phishing campaign going after Okta identity credentials
Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits
Rustam Mirkasymov
Roberto Martinez
Advanced Persistent Threats · August 18, 2022
APT41 World Tour 2021 on a tight schedule
4 malicious campaigns, 13 confirmed victims, and a new wave of Cobalt Strike infections
Nikita Rostovcev
Threat Intelligence · August 17, 2022
Switching side jobs
Links between ATMZOW JS-sniffer and Hancitor
Victor Okorokov
Fraud Protection · August 11, 2022
Challenge accepted
Detecting MaliBot, a fresh Android banking trojan, with a Fraud Protection solution
Scam & Phishing · July 29, 2022
Fake investment scams in Europe
How we almost got rich
Technologies · July 25, 2022
Under the Hood. Group-IB Managed XDR
What Group-IB’s new all-in-one solution offers: cybersecurity management, network event analysis, and lightning-fast stops to attacks
Technologies · June 30, 2022
Group-IB introduces the Unified Risk Platform
Group-IB’s platform allows organizations to overcome cyber risks
Ransomware · June 29, 2022
Fat Cats
An analysis of the BlackCat ransomware affiliate program
Andrey Zhdanov
Malware Analysis · June 24, 2022
We see you, Gozi
Hunting the latest TTPs used for delivering the Trojan
Albert Priego
Threat Intelligence · June 16, 2022
“We find many things that others do not even see”
Nikita Rostovtsev on current cyber threats and his profession
Nikita Rostovcev
Threat Intelligence · June 16, 2022
Thousands of IDs exposed in yet another data breach in Brazil
Unsecured public-facing database allowed anyone to access ID selfies for months
Anastasia Tikhonova
Scam & Phishing · June 9, 2022
Swiss Army Knife Phishing
Group-IB identifies massive campaign capable of targeting clients of major Vietnamese banks
Yaroslav Kargalev
Ivan Lebedev
Advanced Persistent Threats · June 1, 2022
SideWinder.AntiBot.Script
APT SideWinder’s new tool that narrows their reach to Pakistan
Nikita Rostovcev
Alexander Badaev
Ransomware · April 14, 2022
Old Gremlins, new methods
Russian-speaking ransomware gang OldGremlin resumes attacks in Russia
Ivan Pisarev
Scam & Phishing · April 8, 2022
Scammers make off with $1.6 million in crypto
Fake giveaways hit bitcoiners again. Now on YouTube
Yaroslav Kargalev
Daniil Glukhov
Threat Landscape Overview · March 31, 2022
Mitigating Spring4Shell with Group-IB
What we know about Spring4Shell so far
Scam & Phishing · March 28, 2022
Empty Box
Group-IB unveils three groups of fraudsters behind delivery scams in Singapore
Ilia Rozhnov
Technologies · March 15, 2022
Lost & Found: Group-IB Unveils Attack Surface Management (ex. AssetZero)
Intelligence-Driven Attack Surface Management
Ransomware · February 18, 2022
Top 5 recommendations for preventing ransomware for 2022
With ransomware attacks on the rise, companies need to take a proactive approach to security. Group-IB has put together a list of actionable tips to help you protect your organization from the ransomware threats in 2022.
Technologies · February 7, 2022
Cleaning the atmosphere
Weak points in modern-day corporate email security
Ilya Pomerantcev
Cyber Investigations · January 28, 2022
Shedding light on the dark web
Cybersecurity analyst's guide on how to use machine learning to show cybercriminals' true colors
Vesta Matveeva
Yaroslav Polyanskiy
Threat Landscape Overview · December 23, 2021
Mitigating Log4Shell in Log4j with Group-IB
Group-IB's recommendations to mitigate this vulnerability and protect your organization.
Technologies · December 23, 2021
How MITRE ATT&CK® helps users of Threat Intelligence
The MITRE ATT&CK® framework became the industry standard to describe attack tactics and techniques.
Dmitry Volkov
Scam & Phishing · December 21, 2021
Ready-made fraud
Behind the scenes of targeted scams
Yakov Kravtsov
Yvgeny Egorov
Ransomware · December 9, 2021
Inside the Hive
Deep dive into Hive RaaS, analysis of latest samples
Andrey Zhdanov
Dmitry Shestakov
Nikolay Stepanov
Ransomware · November 3, 2021
The Darker Things
BlackMatter and their victims
Andrey Zhdanov
Threat Landscape Overview · October 28, 2021
Cannibal Carders
Group-IB uncovers largest networks of fake shops – phishing websites disguised as card shops
Ruslan Chebesov
Sergey Kokurin
Scam & Phishing · September 17, 2021
Scamdemic outbreak
Scammers attack users in Middle Eastern countries
Yakov Kravtsov
Yvgeny Egorov
Scam & Phishing · September 16, 2021
RUNLIR – phishing campaign targeting Netherlands
Phishers take an approach to bypass security controls never seen in the country
Reza Rafati
Ivan Lebedev
Technologies · August 13, 2021
Under the hood. Group-IB Threat Intelligence. Part 2
How we make Tailored Threat Intelligence
Dmitry Volkov
Threat Intelligence · August 6, 2021
Bold ad campaign
AWC joins illicit carding business by offering 1 Mln compromised cards for free
Sergey Kokurin
Ransomware · August 6, 2021
It’s alive!
The story behind the BlackMatter ransomware strain
Andrey Zhdanov
Threat Intelligence · August 5, 2021
Prometheus TDS
The key to success for Campo Loader, Hancitor, IcedID, and QBot
Victor Okorokov
Nikita Rostovcev
Advanced Persistent Threats · August 3, 2021
The Art of Cyberwarfare
Chinese APTs attack Russia
Anastasia Tikhonova
Dmitry Kupin
Technologies · July 29, 2021
Under the hood. Group-IB Threat Intelligence. Part 1
Dive into Breached DB section
Dmitry Volkov
Cyber Investigations · July 22, 2021
The Fraud Family
Fraud-as-a-Service operation targeting Dutch residents
Roberto Martinez
Anton Ushakov
Malware Analysis · July 2, 2021
The Brothers Grim
The reversing tale of GrimAgent malware used by Ryuk
Albert Priego
Ransomware · June 30, 2021
REvil Twins
Deep Dive into Prolific RaaS Affiliates' TTPs
Advanced Persistent Threats · June 10, 2021
Big airline heist
APT41 likely behind a third-party attack on Air India
Nikita Rostovcev
Threat Intelligence · June 3, 2021
FontPack: A dangerous update
Attribution secrets: Who is behind stealing credentials and bank card data by asking to install fake Flash Player, browser or font updates?
Nikita Rostovcev
Ransomware · May 7, 2021
Connecting the Bots
Hancitor fuels Cuba Ransomware Operations
Semyon Rogachev
Threat Intelligence · May 6, 2021
GrelosGTM group abuses Google Tag Manager to attack e-commerce websites
Group-IB specialists detected that the GrelosGTM group had started abusing legitimate Google Tag Manager functionality for its own purposes to infect online shops.
Victor Okorokov
Threat Intelligence · April 14, 2021
Lazarus BTC Changer
Back in action with JS sniffers redesigned to steal crypto
Victor Okorokov
Scam & Phishing · April 12, 2021
Deep water: exploring phishing kits
Group-IB's Computer Emergency Response Team built a solid phishing kit database, which helps Group-IB fight phishing that targets specific brands.
Ivan Lebedev
Threat Intelligence · April 8, 2021
When Karma Comes Back
The rise and fall of illicit cardshop breached twice in two years
Sergey Kokurin
Threat Intelligence · April 5, 2021
Kremlin RATs from Nigeria
The analysis of phishing campaigns carried out by a new threat actor
Digital Forensics & Incident Response · March 17, 2021
Masters of disguise
Let's hunt some bootkits
Semyon Rogachev
Threat Intelligence · March 15, 2021
JavaScript sniffers’ new tricks
Analysis of the E1RB JS sniffer family
Victor Okorokov
Scam & Phishing · March 1, 2021
Inside Classiscam
A deep dive into Classiscam: automated scam as a service designed to steal money and payment data
Yakov Kravtsov
Evgeny Ivanov
Digital Forensics & Incident Response · January 26, 2021
The source of everything
Forensic examination of incidents involving source code leaks
Anatoly Tykushin
Threat Intelligence · December 23, 2020
New attacks by UltraRank group
As part of UltraRank's new campaign, Group-IB Threat Intelligence team discovered 12 eCommerce websites infected with their JavaScript-sniffer.
Victor Okorokov
Threat Intelligence · December 7, 2020
The footprints of Raccoon
A story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer
Nikita Rostovcev
Ransomware · November 20, 2020
The Locking Egregor
Analysis of TTPs employed by Egregor operators
Roman Rezvukhin
Semyon Rogachev
Ransomware · November 1, 2020
Big Game Hunting: Now in Russia
Top Russian companies and banks under attack from OldGremlin - a group controlling TinyCryptor ransomware
Rustam Mirkasymov
Fraud Protection · October 10, 2020
Group-IB Fraud Protection (ex. Fraud Hunting Platform)
Keeping user digital identity safe
Dmitry Volkov
Ransomware · September 10, 2020
Lock Like a Pro
Dive in Recent ProLock's Big Game Hunting
Semyon Rogachev
Digital Forensics & Incident Response · July 5, 2020
Digital forensics specialist’s bookshelf
Top 11 books on digital forensics, incident response, and malware analysis
Igor Mikhailov
Threat Intelligence · May 29, 2020
IcedID
When ice burns through bank accounts
Ivan Pisarev
Ransomware · May 14, 2020
ATT&CKing ProLock Ransomware
The success of enterprise ransomware attacks has motivated more and more threat actors to join the game.
Threat Intelligence · April 30, 2020
PerSwaysion Campaign
Playbook of Microsoft Document Sharing-Based Phishing Attack
Feixiang He
Digital Forensics & Incident Response · April 28, 2020
Reconstructing User Activity for Forensics with FeatureUsage
Useful feature that can help forensic analysts and incident responders to reconstruct user activities.
Digital Forensics & Incident Response · February 20, 2020
Chromium-based Microsoft Edge from a Forensic Point of View
Explore the forensic perspective of the Microsoft Edge Chromium-based version and its features, such as msedge_proxy, edge cache location, and more.
Svetlana Ostrovskaya
Digital Forensics & Incident Response · January 17, 2020
Hunting for Nextcloud Cloud Storage Forensic Artifacts on Endpoints
Forensic artifacts, which can be found during forensic examination of a Windows endpoint.
Digital Forensics & Incident Response · December 20, 2019
A Shortcut to Compromise: Cobalt Gang phishing campaign
Cobalt Gang is alive and well, and continued to attack financial institutions around the globe in 2019.
Digital Forensics & Incident Response · December 11, 2019
Hunting for Attacker’s Tactics and Techniques With Prefetch Files
Windows Prefetch files were introduced in Windows XP and since that time have helped digital forensics analysts and incident responders find evidence of execution.
Technologies · November 18, 2019
Group-IB unveils its Graph
The story about Group-IB searching for graph analysis solution and creating its own unique instrument
Dmitry Volkov
Threat Intelligence · November 8, 2019
Massive malicious campaign by FakeSecurity JS-sniffer
Group-IB specialists detected a new JS-sniffer family called FakeSecurity.
Victor Okorokov
Digital Forensics & Incident Response · November 7, 2019
WhatsApp in Plain Sight: Where and How You Can Collect Forensic Artifacts
All about WhatsApp forensics and the wealth of data extracted from a device through forensic analysis.
Igor Mikhailov
Threat Intelligence · November 5, 2019
RDoS attacks by fake Fancy Bear hit banks in multiple locations
Group-IB experts have detected a massive email campaign spreading similar ransom demands sent to banks and financial organizations across the world.
Anastasia Tikhonova
Digital Forensics & Incident Response · October 4, 2019
No Time to Waste
How Windows 10 Timeline Can Help Forensic Experts
Igor Mikhailov
Ransomware · September 30, 2019
50 Shades of Ransomware
The following article examines forensic artifacts left by the Shade cryptolocker and maps used tactics and techniques to MITRE ATT&CK.
Digital Forensics & Incident Response · September 26, 2019
Tools up: the best software and hardware tools for computer forensics
Igor Mikhailov gave his review of the best software and hardware solutions for computer forensics.
Igor Mikhailov
Threat Intelligence · May 29, 2019
Catching fish in muddy waters
How the hacker group MuddyWater attacked a Turkish manufacturer of military electronics
Anastasia Tikhonova
Nikita Rostovcev
Digital Forensics & Incident Response · May 8, 2019
Following the RTM
Forensic examination of a computer infected with a banking trojan
Threat Intelligence · April 26, 2019
Meet the JS-Sniffers 4: CoffeMokko Family
Group-IB researchers have discovered 38 families of JS-sniffers, whereas only 12 were known previously.
Victor Okorokov
Threat Intelligence · April 25, 2019
Meet the JS-Sniffers 3: Illum Family
Group-IB researchers discovered Illum JS-sniffers family designed to steal payment data of customers of online stores.
Victor Okorokov
Threat Intelligence · April 19, 2019
Meet the JS-Sniffers 2: G-Analytics Family
Group-IB discovered that the stolen payment card data is sold through an underground store specially created for this purpose.
Victor Okorokov
Threat Intelligence · April 9, 2019
Meet the JS-Sniffers: ReactGet Family
ReactGet is one of the most interesting families of JS-sniffers, designed to steal bank card data from online stores.
Victor Okorokov
Threat Intelligence · April 4, 2019
Gustuff: Weapon of Mass Infection
Android Trojan named «Gustuff» is capable of targeting more than 100 global banking apps and a number of cryptocurrency and marketplace applications
Ivan Pisarev
IP Protection · February 5, 2019
The end of torrents era in Russia
Currently, a total of 80% of pirated films and almost 90% of TV series are being watched online
Threat Intelligence · September 5, 2018
Silence: Moving into the Darkside
Group-IB has exposed the attacks committed by Silence cybercriminal group.
Threat Intelligence · May 29, 2018
Cobalt Renaissance
New attacks and joint operations
Rustam Mirkasymov
Threat Intelligence · December 11, 2017
MoneyTaker: in pursuit of the invisible
Group-IB has uncovered a hacker group attacking banks in the USA and Russia
Scam & Phishing · November 2, 2017
In a Queue for a Scam
How fraudsters cash in on hype around new iPhones
Threat Intelligence · October 26, 2017
NotPetya pulls BadRabbit out of the hat
Research revealed that the BadRabbit code was compiled from NotPetya sources.
Rustam Mirkasymov
Threat Intelligence · October 24, 2017
BadRabbit
There is a connection between BadRabbit and Not Petya
IP Protection · October 19, 2017
‘Black spot’ for pirates
Russia has developed a strong legal framework to combat online piracy. All that is needed is for it to be used effectively (especially for Forbes.ru)
Ilya Sachkov
Scam & Phishing · September 26, 2017
Airline companies «landing» on fake pages
Top global airline companies have been compromised by fraudsters for the second time during the last six months.
Threat Intelligence · August 15, 2017
Secrets of Cobalt
How Cobalt hackers bypass your defenses
Vesta Matveeva
Threat Landscape Overview · August 10, 2017
Insecure venture
On the price of hacker attacks and the toxic cyber environment
Ruslan Yusufov
Threat Intelligence · August 4, 2017
Kronos devouring its children
The man who "saved the world" from the WannaCry outbreak has been arrested on suspicion of being the author of Kronos banking Trojan
Threat Intelligence · August 2, 2017
Hacktivists unmasked
Group-IB reveals the identity of alleged members of the Islamic hacker group United Islamic Cyber Force
Threat Landscape Overview · July 24, 2017
Targeted attacks on banks
Russia as a testing ground
Ilya Sachkov
Ransomware · June 27, 2017
Petya starts with Ukraine and then goes global
Group-IB has identified the ransomware that has infected energy, telecommunications and financial companies
Scam & Phishing · June 5, 2017
Ghost flights
Top global airline companies have been compromised through fake links distributed by "friends" on Facebook
Advanced Persistent Threats · May 30, 2017
LAZARUS ARISEN
Group-IB reveals the unknown details of attacks from one of the most notorious APT groups: sophisticated espionage and APT techniques of the North Korean state-sponsored hackers
Ransomware · May 11, 2017
Echoes of cyberwar
Why WannaCry was more dangerous than other ransomware?
Ilya Sachkov
Threat Landscape Overview · January 23, 2017
In a Risk Group
Why cyberattacks may soon be at the top of the world ranking of threats (Ilya Sachkov for RBC)
Ilya Sachkov
Cyber Investigations · January 13, 2016
Cron has fallen
Group-IB supports operations to arrest gang for infecting 1 million smartphones

Group-IB expert directory

Feixiang He

Adversary Intelligence Research Lead

Sharef Hlal

Head of Digital Risk Protection Analytics Team, MEA region

Anastasia Tikhonova

Technical Head, APAC

Rustam Mirkasymov

Technical Head, Europe

Anatoly Tykushin

Head of Digital Forensics and Incident Response Team (MEA)

Subscribe to our blog newsletter to follow the latest posts