Telegram channel group_ib - Group-IB

Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.

Group-IB

AI won’t replace your security team… but it will make your team faster, sharper, and happier.

That’s the idea behind Group-IB’s new AI Assistant — now available in beta for all Threat Intelligence customers.

This LLM-powered chatbot is a new way to interact with one of the industry’s largest threat intelligence datasets — with instant answers, deep context, and zero privacy compromises.

🔗 See it in action and learn how it works in our latest blog post.

#CyberSecurity #ThreatIntelligence #AIAssistant #FightAgainstCybercrime

Group-IB

Hyper-evolving threats. Expanding risk portfolios. And the board wants answers.

Today's CISOs are expected to lead through chaos, speak the business language, and prove the value of every decision.

Risk management isn’t just a checkbox — it demands foresight, strategy, and accountability.
Done right, it puts CISOs where they belong: in the boardroom, driving strategic decisions.

To step into every challenge with clarity and control, this blog puts things in perspective for CISOs and their team.

Get real-world direction, critical communication cues, risk concepts, and decision-making clarity to navigate enterprise risk effectively.

#CISO #RiskManagement #FightAgainstCybercrime

Group-IB

Group-IB launches its strategic Partner Program to fortify Europe’s cybersecurity ecosystem.

Designed for MSSPs, resellers, and tech partners, the program delivers cutting-edge solutions including threat intelligence, fraud protection, managed XDR, and more, alongside elite training, dedicated support, and tiered rewards (standard to platinum).

🤝 Partner with Group-IB to combat evolving threats with global intelligence and local expertise. Be part of the mission. Read More

#Cybersecurity #MSSP #FraudProtection #ThreatIntelligence #FightAgainstCybercrime

Group-IB

As Australia’s digital economy booms, so do fraud losses, surging past $2 billion AUD annually—and traditional defenses are failing.

The (relatively) new disruptor? AI-powered fraud techniques.
From deepfake-driven scams to automated bot attacks, cybercriminals are evolving fast:

🔹 Mobile banking trojans steal facial recognition data for KYC fraud
🔹 Synthetic identities fuel account takeovers & mule account creation
🔹 AI-driven tactics enable seamless money laundering & loan fraud

📖 Read our latest blog to uncover Australia’s full fraud landscape

What is the key to defense? Data-driven fraud detection.
The catch for AI-driven tactics lies in monitoring transaction and behavioral biometrics data to spot deviations from “usual” activity and detect fraud.

#CyberSecurity #FraudPrevention #DeepfakeFraud #AIThreats #FightAgainstCybercrime

Group-IB

🚨 Hunters International: The Next Evolution of Cyber Extortion?

Emerging in October 2023, Hunters International took over Hive ransomware's legacy, operating across Windows, Linux, FreeBSD, SunOS, and ESXi. But their game is changing—Group-IB’s latest research reveals their planned rebrand as World Leaks, adopting an extortion-only model featuring OSINT-driven coercion, their proprietary "Storage Software," and silent encryption (no ransom notes since v6.0).

Key Findings:
• Transitioning from ransomware to pure data extortion
• Infrastructure overlaps with Lynx/INC Ransom
• Evolving tactics to bypass payment bans and law enforcement

Their stealthy approach and affiliate structure make them a growing threat, particularly for healthcare and real estate sectors. Read the full analysis here

#Cybersecurity #Ransomware #FightAgainstCybercrime

Group-IB

Scam-as-a-service (SaaS) is reshaping cyber fraud in Central Asia. Classiscam operations leverage Telegram bots, phishing panels, and automated credential harvesting to scale attacks with minimal effort.

Our latest research reveals:
✔️How Telegram bots automate phishing site creation
✔️Classiscam’s role-based fraud hierarchy (Fake Support, Data Input, Operators)
✔️Targeting patterns against online marketplaces & financial institutions
✔️Key IoCs & proactive defense strategies

🔗 Read the full report here

#Phishing #FraudIntelligence #CyberSecurity #FightAgainstCybercrime

Group-IB

The Cybercriminal with Four Faces: How Group-IB Tracked ALTDOS, DESORDEN, GHOSTR & 0mid16B

For over four years, a cybercriminal hid behind multiple aliases, orchestrating more than 90 data breaches and extorting victims across Asia and beyond. From ALTDOS to DESORDEN, GHOSTR, and finally 0mid16B, he adapted his tactics, evaded detection, and exploited stolen data. Group-IB’s investigators uncovered the patterns linking his identities.

These findings, along with further investigative intelligence from Group-IB, helped the Royal Thai Police and the Singapore Police Force to track, identify, and ultimately arrest the cybercriminal. 🔗Read the full report.

#Cybersecurity #ThreatIntelligence #CyberInvestigation #FightAgainstCybercrime

Group-IB

Cybercriminals have come up with a clever idea to trick users into running malware on their own systems—no exploits, just deception. The ClickFix technique disguises fake reCAPTCHA pages and "Fix It" pop-ups to auto-copy malicious PowerShell scripts straight to your clipboard. One wrong move, and infostealers like Lumma, Vidar, CStealer, AMOS, and DarkGate are on your system.

What’s happening?
🔹Fake bot verifications copy malicious commands without your knowledge
🔹Victims unknowingly paste and execute malware in their Run dialog
🔹Cybercriminals & APT groups are using ClickFix for large-scale hacking campaigns

Group-IB’s latest research uncovers real-world attack chains, technical breakdowns, and must-know defense strategies.

🔗Read the full blog here

#ClickFix #ThreatIntelligence #APT #InfoStealer

Group-IB

Trust No One – Is It The Right Approach to Network Security?

As organizations have gone perimeter-less, serverless (and consequently security-less), the Zero Trust approach is gaining momentum.

No, it’s not cynicism—it’s a proven strategy. With 60%+ of companies already adopting Zero Trust, it is highly effective in protecting business-critical assets and people.

But...

Zero Trust isn’t a one-size-fits-all solution or a plug-and-play framework. It requires continuous monitoring, real-time anomaly detection, and proactive security enforcement.

Implementing it might make businesses question if:

✅ It is the right fit for your organization?
✅ What are the integration challenges?
✅ It will lead to endless false positives?
✅ It can work with existing infrastructure and be scaled over time?

Get your questions answered in our latest blog, where Group-IB experts share insights to begin your Zero Trust journey

#ZeroTrust #Cybersecurity #NetworkSecurity #FightAgainstCybercrime

Group-IB

In a joint operation by Royal Thai Police & Singapore Police Force, with crucial intelligence from Group-IB, authorities have arrested a cybercriminal behind 90+ data breaches worldwide, including 65 across APAC. Since 2020, he targeted companies using SQL injections and vulnerable RDP servers, exfiltrating data to blackmail victims.

Group-IB has been tracking this threat actor since 2020, uncovering his multiple aliases: ALTDOS, DESORDEN, GHOSTR, and 0mid16B. His tactics evolved over time, leaking stolen data across dark web forums.

This landmark arrest is a victory for cybersecurity! Read the full story here

#Cybersecurity #LawEnforcement #FightAgainstCybercrime

Group-IB

🔍 Fingerprint Heists: How Cybercriminals Exploit Browser Fingerprinting

Cybercriminals are taking online fraud to the next level—stealing browser fingerprints to bypass security measures and impersonate users. A new investigation reveals how ScreamedJungle is injecting malicious scripts into compromised Magento sites to collect fingerprints and evade detection.

Key insights from the research:
🔹 Advanced fingerprinting techniques—Fraudsters extract unique browser characteristics without consent.
🔹 Compromised e-commerce sites—Injected BabloSoft scripts harvest user data at scale.
🔹 Bypassing fraud protection—Attackers exploit stolen fingerprints to mimic legitimate users.
🔹 MITRE ATT&CK tactics—Mapping the techniques used to conduct these attacks.

🔗 Read the full technical analysis to understand how threat actors operate and how to defend against it

#FraudPrevention #ThreatIntelligence #Cybersecurity #FightAgainstCybercrime

Group-IB

Our free malware analysis tool helps you hunt for threats more effectively. If you've ever struggled to connect the dots between isolated alerts, this is for you. Cybersecurity expert Gary Ruddell breaks down how you can use the tool in your workflow.

What you'll learn:
1️⃣How to uncover hidden malware connections
2️⃣How to speed up investigations with behavioral insights
3️⃣How to build custom detection rules

Click to watch the full video

🔔 Subscribe to our YouTube channel for more updates: https://www.youtube.com/@GroupIBGlobal

#Cybersecurity #InfoSec #MalwareAnalysis

Group-IB

🚨 The Dark Side of Automation: How AI is Fueling Card Testing Attacks 🚨

As AI-powered automation transforms industries, cybercriminals are weaponizing these tools for large-scale fraud. Card testing attacks are on the rise, with bots and AI agents exploiting stolen credit card details to validate and monetize compromised data.

Key Insights:
🔹How fraudsters obtain stolen credit card information from the dark web and use bot programs to test them on e-commerce websites
🔹The role of AI agents in enabling global fraud operations.
🔹Real-world case studies and detection strategies to combat these threats.

Stay ahead of the curve and learn how businesses can protect themselves from evolving cyber threats and safeguard their customers. 🔗 Read the full blog to understand the risks and solutions

#CyberSecurity #GroupIB #DigitalFraud #FightAgainstCybercrime

Group-IB

Our latest blog dives deep into arbitrage betting (surebets)—a technique that guarantees profits by leveraging odds discrepancies across bookmakers. Highlights include:

✅ The $3.9 billion annual loss in state tax revenue due to illegal betting platforms.
✅ How fraudsters exploit automation and bots to scale arbitrage bets.
✅ Advanced techniques to detect and prevent fraud, including real-time anomaly detection and multi-factor authentication.

Understand the technology, risks, and solutions shaping the iGaming industry. Explore the Surebet Playbook now!

#Surebets #ArbitrageBetting #FraudDetection #iGamingTech

Group-IB

“In a world where cyber threats transcend borders, collaboration is our most powerful defense.” - Dmitry Volkov, CEO of Group-IB. 🚨

Group-IB is proud to join the Cybercrime Atlas community at the World Economic Forum's Centre for Cybersecurity! Together with global stakeholders, we aim to disrupt cybercriminal infrastructure, foster collaboration, and enhance global cybersecurity. As part of this initiative, our experts contribute to mapping the cybercrime landscape and supporting investigations to continue our mission to Fight Against Cybercrime.

Learn more about Group-IB’s role in the Cybercrime Atlas

#Cybersecurity #WEF #GroupIB #FightAgainstCybercrime

Group-IB

Group-IB analysts shed light on the growing trend of fraudsters impersonating real threat actors to sell fake data leaks across dark web forums.

Many of these scammers never conducted any actual attacks and rely on recycled stealer logs (e.g., Raccoon, RedLine), repurposed public breaches, and hybrid datasets mixing real/fake entries. In one case, a fake VIP Telegram channel run by the group R00TK1T earned $10,000 by charging $500 per subscriber for access to freely available public leaks.

Key Insights:
✔️ Chinese-speaking darknet markets and Telegram channels offer nearly 100% fake data.
✔️ Impersonators mimic names like LockBit, Bjorka, and IntelBroker to deceive researchers and buyers.
✔️ Fraudsters use auto-generated IDs and rebranded aliases to bypass scrutiny.
✔️ Attackers offering "High-quality private data" in private Telegram channels are, in most cases, scammers who present old reassembled data leaks as the result of their attacks.

👉 Read the full blog here

Group-IB

🚨 SMS Pumping Fraud: How Criminals Exploit SMS Verification for Profit 🚨

Our cyber fraud analysts have uncovered a sophisticated SMS Pumping scheme where fraudsters manipulate SMS verification systems to generate artificial traffic, costing businesses millions. By exploiting OTP requests, fake account sign-ups, and corrupt telecom partnerships, attackers inflate SMS volumes, leaving companies with soaring costs and operational disruptions.

Key Insights from the Blog:
✔️ Fraudsters use bots, telecom providers, and fake identities to trigger massive SMS traffic, often bypassing security measures.
✔️ Twitter lost $60M/year to this fraud before implementing stricter telecom provider controls.
✔️ Attacks can lead to system overloads, reputational damage, and penalties from telecom providers.

Businesses relying on SMS for 2FA or onboarding must act now to prevent exploitation. Read the full analysis here

#SMSPumping #ThreatIntelligence #CyberSecurity #FightAgainstCybercrime

Group-IB

We’re proud to partner with Mahidol University to launch the Cybersecurity Center of Excellence, a pioneering initiative to strengthen the nation’s digital resilience.

By integrating Group-IB’s industry-leading technologies, including Managed XDR, Threat Intelligence, and Business Email Protection, into hands-on academic programs, we’re empowering students and professionals with the real-world skills needed to combat today’s and tomorrow’s cyber threats.

This collaboration merges Mahidol’s academic excellence with Group-IB’s global cybersecurity expertise to create a transformative hub for training, research, and workforce development.

Together, we’re empowering our next generation in building a safer digital future. Read More.

#ThreatIntelligence #ManagedXDR #BusinessEmailProtection #FightAgainstCybercrime

Group-IB

📢 Breaking news: Group-IB Wins Frost & Sullivan’s 2025 Global Technology Innovation Leadership Award

In today’s fast-paced cybersecurity landscape, staying ahead of threats requires continuous innovation and real-world expertise.

Frost & Sullivan has recognized Group-IB for pioneering advancements in custom threat intelligence, holistic cyber fusion approach, and integrated AI-technology — all aimed at helping businesses stay resilient against emerging cyber threats.

Key highlights from the report:
✔ Custom threat intelligence
✔ Unified Risk Platform that includes fraud protection, business email protection, and managed extended detection and response (XDR) solutions
✔ Integration of AI-technologies for better detection, response, and risk mitigation
✔ Decentralized cybersecurity model

Read the full report to see how innovations are shaping the future of cybersecurity

#Cybersecurity #ThreatIntelligence #RiskManagement #AI #FightAgainstCybercrime

Group-IB

Cyber threats across Latin America (LATAM) show a concerning rise!

Cybercriminals have deceived countless victims—using elaborate scams to impersonate well-established brands and exploit users' trust.

In 2024 alone, Group-IB identified at least 97 fraudulent domains targeting four major brands. The level of sophistication among scammers even surprised our own experts.

Want to see these operations in action? Group-IB experts reveal trade secrets from the dark side in the latest blog

#CyberSecurity #LATAM #CyberThreats #FightAgainstCybercrime

Group-IB

Group-IB contributed to INTERPOL-led Operation Red Card, a major international effort to dismantle cybercriminal networks across Africa.

Key Outcomes:
✔️306 suspects arrested for banking fraud, mobile malware attacks, investment fraud and other social engineering scams
✔️5,000+ victims targeted by cybercriminals
✔️ 1,842 devices seized, used to defraud individuals & businesses
✔️$305,000 stolen through social engineering scams uncovered in Rwanda
✔️26 vehicles, 16 houses & 39 plots of land seized from fraudsters in Nigeria

This operation demonstrates the impact of cooperation between law enforcement and the private sector in tackling cybercrime. 🔗Read the full story

#CyberSecurity #LawEnforcement #OperationRedCard #FightAgainstCybercrime

Group-IB

Group-IB is proud to be recognized by the Singapore Police Force for our contributions in combating cyber threats across the Asia-Pacific (APAC) region. This accolade highlights our pivotal role in providing critical investigation data that led to the arrest of DESORDEN in February 2025, responsible for over 90 global data leaks.

The award also recognized the Group-IB Investigation team’s knowledge-sharing efforts by delivering key insights at the ASEAN Cybercrime Conference 2024, reinforcing collective cybersecurity defenses in the region. Read More

#CyberSecurity #GroupIB #APAC #CyberThreats #SingaporePolice #FightAgainstCybercrime

Group-IB

🚨SIM Swapping Fraud: How Fraudsters Bypass Security Measures🚨

Despite advanced telecom and government safeguards, SIM swapping fraud continues to evolve. Fraudsters exploit human vulnerabilities through phishing and social engineering, deceiving individuals to bypass security layers and take control of phone numbers.
With access to a compromised SIM, they can intercept 2FA codes, hijack accounts, and commit identity theft.

🔗 Our latest analysis at Group-IB explores how these attacks happen and what can be done to prevent them.

#SIMSwapping #FraudDetection #CyberSecurity #SocialEngineering #Phishing

Group-IB

Cost of building and maintaining a top-notch cybersecurity stack and team? At least a few thousand. Cost of NOT having one? Millions—lost to cyberattacks, and a constant threat of your customers, data, and operations being jeopardized.

Not having robust security isn’t an option. But even with the best tech, are you truly secure? No—unless you address your biggest hidden cybersecurity cost: your employees.

Insider threats—whether intentional or accidental—are a top concern for organizations today.

The real solution is building a strong security culture. With cybersecurity being a top-cited challenge for leaders today, building a strong security culture is just as essential as technological defenses.

But how should you best approach it? Our cybersecurity experts break it down for you.

#CyberSecurity #InsiderThreats #SecurityCulture

Group-IB

⚠️Cybercrime isn’t just growing—it’s adapting.

Ransomware fuels data breaches. Stolen data powers Initial Access Brokers. AI-driven phishing makes social engineering even more deceptive. And as geopolitical tensions rise, cyber warfare is becoming a tool of state power.

Our 2025 High-Tech Crime Trends Report uncovers how these threats are interconnected—and what it takes to break the cycle.
Cybercriminals are evolving. Are you? Read the full report

#HTCT2025 #cybersecurity #FightAgainstCybercrime

Group-IB

🔍 RansomHub Never Sleeps: The Rise of a New Ransomware Powerhouse

RansomHub has quickly positioned itself as one of the most prolific ransomware groups of 2024. In Part 1 of our latest investigation, Group-IB’s DFIR and Threat Intelligence teams analyze how RansomHub:
🔹 Exploited the takedown of LockBit & ALPHV to recruit affiliates.
🔹 Leveraged RaaS to scale operations across Windows, Linux, ESXi, and FreeBSD.
🔹 Weaponized vulnerabilities like CVE-2024-3400 for initial access.
🔹 Introduced an SFTP ransomware variant to evade traditional defenses.
🔹 Used Filezilla and PCHunter for stealthy exfiltration and security bypass.

With over 600 victims across healthcare, finance, and government, RansomHub is evolving fast. And this is just the beginning. Stay tuned for Episode 2. 🔗 Read Episode 1

#RansomHub #CyberSecurity #FightAgainstCybercrime

Group-IB

Conventional sandboxes often leave analysts struggling with fragmented data. How did we change that?

Group-IB’s Malware Reports library is a free, no-sign-up-required tool that simplifies and deepens the understanding of suspicious files on your endpoints.

In our latest blog post, we explore five practical ways Malware Reports can transform your workflow, whether you're a SOC analyst, threat hunter, or reverse engineer. Read more

#Cybersecurity #MalwareAnalysis #ThreatHunting #FightAgainstCybercrime

Group-IB

🚨 Inside the World of Lynx Ransomware-as-a-Service 🚨

Lynx RaaS is taking ransomware operations to a new level with a highly structured affiliate model, cross-platform ransomware arsenal, and advanced encryption techniques.

👉 Discover how this criminal ecosystem operates, from customizable encryption modes to double extortion tactics. Gain insights into their affiliate panel, recruitment strategy, and the evolving threat landscape.

🔗 Read the full blog to stay informed and protect your organization

#CyberSecurity #ThreatIntelligence #LynxRaaS #FightAgainstCybercrime

Group-IB

🚀 Leading-edge technologies. 🚀 A team of committed cyber defenders. 🌍 A “GLOCAL” strategy leading the global fight against cybercrime.

A significant vision that feels too far to achieve is Group-IB’s reality today. We don’t just claim to lead the fight—we actively drive it forward.

✅ Trusted by top law enforcement agencies for investigations, cybercrime operations, and threat retaliation.

📍 Mission-critical Digital Crime Resistance Centers (11 hubs and growing) deliver localized, targeted and timely intelligence to combat active and plausible threats.

🌐 Empowering the broader community through cybersecurity skill-honing events, research-sharing, career guidance, and more.

With its GLOCAL vision, partnerships, and expertise, Group-IB leads global collaboration for a safer digital world. Learn more here

#Cybersecurity #LawEnforcement #GLOCAL #FightAgainstCybercrime

Group-IB

Real estate scams are rising in the Middle East, exploiting online property platforms with sophisticated tactics, creating fake listings, targeting vulnerable individuals, particularly expatriates, and pressuring victims with urgency and FOMO. Our latest analysis reveals the intricate fraud workflow, including:

✅ How scammers manipulate online platforms and rental systems
✅ Group-IB’s Fraud Matrix for visualizing and analyzing the fraud process
✅ Technical analysis of mule networks and identification of key fraud patterns
✅ The impact on financial institutions and the integrity of rental platforms
✅ Proactive recommendations for mitigating these threats

Discover how Group-IB's Fraud Protection is tackling these challenges head-on. Read the full blog

#FraudPrevention #Cybersecurity #MiddleEast
