-
Your daily source of cybersecurity news brought to you by one of the global industry leaders.
We are pleased to welcome Craig Jones, former Director of Cybercrime at INTERPOL, as an Independent Strategic Advisor to Group-IB. With over three decades of experience in global law enforcement, including his leadership at INTERPOL’s Cybercrime Directorate, Craig brings a wealth of expertise to our mission of combating digital threats.
In his new role, Craig will collaborate with our CEO, Dmitry Volkov, and the Executive Team to shape Group-IB’s long-term strategy, guide market positioning, and strengthen our global efforts to stop cybercriminals.
We look forward to working with Craig as we continue to build a safer digital environment for businesses and communities worldwide.
Read More
#Cybersecurity #DigitalSafety #CyberThreats #FightAgainstCybercrime
⚠️ Is TeamTNT Back? Cloud Infrastructures at Risk Again
After disappearing in 2022, TeamTNT—a notorious threat actor known for targeting cloud environments—may be back with new campaigns impacting VPS infrastructures. Group-IB's DFIR team has uncovered alarming signs of their return, utilizing SSH brute force attacks and custom scripts to compromise systems, disable security features, and hijack cryptocurrency miners.
Explore our latest research to dive deeper into TeamTNT's evolving tactics and their potential resurgence.
🔗 Read the full blog now and stay ahead.
#TeamTNT #CloudSecurity #DFIR #CyberSecurity #FightAgainstCybercrime
We are proud to celebrate the recognition of Anastasia Tikhonova and Ha Hai Phan, who won the Top Women in Security ASEAN Region Award for Thailand and Vietnam.
Vesta Matveeva and Sharmine Low were also named among the top 30 finalists.
Their groundbreaking work in threat intelligence, cybercrime investigations, and malware analysis has significantly advanced global cybersecurity and supported law enforcement efforts. Every day, their expertise continues to enrich the cybersecurity community and strengthen defenses against emerging threats.
Learn more
🔒 With breaches increasing by 72% last year⬆, the expertise needed to manage them effectively is at an all-time low⬇️.
The result? A growing gap that heightens risks for businesses and customers.
Closing the gap requires enabling investment-friendly, continuous, and expert-guided cybersecurity—with Digital Forensics and Incident Response (DFIR) retainer services.
The Gartner® report, Market Guide for Digital Forensics and Incident Response Retainer Services, offers valuable insights and mentions Group-IB as a Representative Vendor for our "Group-IB Incident Response Retainer" service.
Excited to announce Group-IB's recognition as a Representative Vendor for the fourth consecutive time.
Get complete information here.
P.S. Don’t forget to share it within your network!
#Cybersecurity #DFIR #Gartner #MarketGuide #RiskManagement #FightAgainstCybercrime
🚨 Lazarus Group's Latest Scheme: Beaver Fever 2024 🚨
Lazarus Group has intensified its operations with a new campaign using fraudulent job interviews and malicious video conferencing apps to deploy their latest malware—BeaverTail and InvisibleFerret. Our recent analysis at Group-IB reveals:
🔹 Malware Details: BeaverTail, a sophisticated Python-based backdoor, and InvisibleFerret, targeting both cryptocurrency wallets and browser extensions.
🔹 New Tactics: Utilization of hijacked gaming projects and advanced evasion techniques.
Stay informed and protect your digital assets by reading our comprehensive report on these emerging threats.
🔗 Explore the full analysis
#Cybersecurity #Malware #ThreatAnalysis #LazarusGroup #GroupIB #BeaverTail #CyberThreats #MalwareAnalysis
Explore how Linux's procfs can be exploited to conceal processes from administrators. Although /proc provides critical system and process information, techniques such as remounting can be used to obscure active processes.
Read more about this exploit and more, and how administrators can protect their systems on our blog!
#cybersecurity #linux #exploit
On June 20, 2024, the Indonesian data center experienced a severe ransomware attack by the group Brain Cipher, impacting approximately 210 critical government services, including customs and immigration. This led to significant delays for travelers at airports.
Initially demanding an $8-million ransom, Brain Cipher later released the decryptor for free. Group-IB's High-Tech Crime Investigation team has provided insights into the group's previous activities and tactics, revealing their use of ransom notes and data leak threats as extortion methods. The Brain Cipher group has been active since at least April 2024 and shows connections to other ransomware entities such as EstateRansomware and SenSayQ.
Dive into the inner workings of Brain Cipher on our blog now
#CyberSecurity #Ransomware #DataBreach #InfoSec #CyberCrime #DataSecurity #CyberInvestigation #FightAgainstCybercrime
At #CyberDSA2024, CyberSecurity Malaysia and Group-IB signed a Memorandum of Understanding (MOU) to boost Malaysia's cyber resilience and safeguard its critical IT infrastructure. The MOU includes provisions for information sharing on cyber threats, technical support, cybersecurity training, and emergency response coordination. It also aims to increase cybersecurity awareness, support SMEs, and use Group-IB’s Digital Crime Resistance Centers for threat analysis and joint cybercrime operations. The agreement was signed on 6 August 2024 in Kuala Lumpur, with key figures from both organizations and the Ministry of Digital present.
🔗 Read more
#CyberSecurity #Malaysia #CyberResilience #CyberThreats #CybersecurityAwareness #FightAgainstCybercrime
🚨 Beware the RAT: Android Remote Access Malware Strikes in Malaysia 🚨
CraxsRAT, an advanced Android Remote Administration Tool (RAT), is wreaking havoc in Malaysia. This notorious malware allows fraudsters to remotely control devices, steal credentials, and drain bank accounts. Our investigation reveals CraxsRAT's sophisticated phishing tactics, where victims are lured to download malicious apps from fake websites mimicking local brands. Within minutes, credentials are stolen, leading to unauthorized withdrawals.
Group-IB's Fraud Protection team has detected over 210 samples and developed cutting-edge detection rules to combat this evolving threat. Stay informed and protect your organization with our in-depth analysis.
🔍 Read the full technical report
#CyberSecurity #Malware #FraudProtection #CraxsRAT #BankingSecurity #ThreatIntelligence
AI enables cybercriminals to launch attacks faster, more frequently, and with greater impact. However, viewing AI as a threat only applies to businesses that don’t leverage it to gain a cybersecurity advantage.
Hear what Group-IB’s CEO, Dmitry Volkov, says and discover how to make AI work for you in our new Cybersecurity x AI eGuide
#AI #cybersecurity #cyberattacks #technology #cybercrime #business #infosec
🖥 Expanding your digital footprint with interfaces, channels, and customer interactions amplifies cyber risks.
And when a risk escalates into a major disruption, do you have the expertise and technology to immediately stop it? 🤔
🏆 Discover how Group-IB’s Digital Risk Protection monitors, detects, and takes down brand risks and violations in real time, all with minimal intervention from your end.
Curious to know how it works? Dive into our full blog to uncover
#GroupIB #DigitalRiskProtection #Cybersecurity #BrandProtection #FightAgainstCybercrime
With fraud and cyber threats at an all time high, operating in silos is no longer a proper combative strategy for security leaders and teams.
A cybersecurity and fraud prevention fusion is essential to identify, dissect, and counter cyber threats before they escalate into fraud.
Learn more about the future-leaning cyber-fraud fusion and the necessary adjustments needed in your strategy in our blog
Discover how Group-IB is leading the change and remains one of only two vendors offering this capability through its proprietary Fraud Matrix.
#CyberSecurity #CyberThreats #SecurityLeaders #FraudPrevention #FraudMatrix #CyberFraud
As a trusted partner for businesses in managing cybersecurity, MSSPs and MDR providers must continually enhance their service portfolios to address the evolving threat landscape.
Specifically, with Cyber Threat Intelligence (CTI), where:
🔍Expectations - Continuous stream of critical, real-time, and actionable threat insights to counter emerging threats.
⁉️Reality - Focus on basic indicators and lack the resources or structured programs to interpret and act on advanced and tailored threat intelligence.
How can you bridge the gap as an MSSP provider? Enable these three CTI capabilities for your business clients to enhance threat detection and response.
Read all about it and more
#MSSP #MDR #CyberSecurity #ThreatIntelligence #InfoSec #BusinessSecurity #DataProtection
🚨 New Blog Alert🚨
In our latest blog post, we dive deep into the nefarious activities of the threat actor known as Boolka. From opportunistic SQL injection attacks to the creation of sophisticated malware like the BMANAGER modular trojan, discover how Boolka has been infecting websites and stealing data with malicious scripts. Read on to learn about Boolka's tactics, techniques, and the tools used to combat this cyber threat.
Read More
#CyberSecurity #Malware #ThreatIntelligence #Boolka #CyberAttack #DataSecurity #InfoSec
Our latest Hi-Tech Crime Trends 23/24 Report sparked immense interest across the cybersecurity industry, prompting thousands of downloads and numerous web mentions.
To ensure no one misses these critical cybersecurity insights, we're here with a slightly digestible version—the Hi-Tech Crime Trends 23/24 infographic!
45 hard-hitting facts and figures that will challenge businesses' preparedness against the rising tide of cyber threats and help them build unbeatable defenses.
Ready to do your part? Share it far and wide to help your network confront cyber risks head-on.
https://www.group-ib.com/landing/hi-tech-crime-trends-2023-2024-infographics/?utm_source=telegram&utm_campaign=Hi-Tech%20Crime%20Trends%20Report%202023-24&utm_medium=social
Group-IB is proud to have supported international “Operation Kaerb," a joint effort coordinated by Europol and Ameripol in partnership with European and Latin American law enforcement agencies and judiciary authorities, leading to the arrest of 17 individuals behind the iServer phishing-as-a-service platform. The cybercriminals claimed over 483,000 mobile phone victims globally. Group-IB's continued collaboration with international partners underscores our commitment to combating cybercrime and protecting users worldwide.
Read more about this successful operation and our role in it.
#Cybercrime #Phishing #Cybersecurity #GroupIB #DigitalSafety #LawEnforcement #CyberFraud
It's no secret that the dark web has been a breeding ground for cybercriminal activities.
However, with advanced technology, investigative expertise, and effective operations, many adversaries have been shackled, if not entirely stopped, from openly carrying out their malicious activities.
Yet, crime doesn’t stop—it shifts. Cybercriminals are now exploiting social media to spread malware, sell stolen data, and recruit accomplices.
At Group-IB, our investigators use manual analysis, specialized tools like Group-IB Threat Intelligence, and social engineering tactics to uncover cybercriminals' hidden motives and gain firsthand insights into emerging trends—helping businesses understand how to protect themselves.
👉 Find out more here.
Think more people should know about this? Like, repost, and share with your network!
#DarkWeb #ThreatIntelligence #SocialEngineering #DataSecurity #FightAgainstCybercrime
Our latest investigation reveals a sophisticated Android malware campaign, codenamed Ajina, targeting Central Asia. Named after a mythical spirit from Uzbek folklore, this malware deceives users by posing as legitimate apps, compromising personal and financial data across the region. Our investigation revealed over 1,400 unique samples, highlighting the attackers' regional knowledge and growing reach.
Discover how these malicious actors are spreading malware through Telegram, the techniques they're using, and the broader implications for users and businesses alike.
🛡️ Stay informed and stay secure.
Read the full analysis by our experts now
#CyberSecurity #ThreatIntelligence #infosec #FightAgainstCybercrime #AndroidMalware #Telegram
The Group-IB DFIR Team has identified a new technique that exploits the pam_exec module to gain privileged shell access and establish persistent control on compromised hosts.
The flexibility of the Pluggable Authentication Module (PAM) poses risks, particularly with pam_exec, which can be used to run malicious scripts. These scripts can be injected into PAM configurations, allowing attackers to maintain access and manipulate authentication processes undetected. PAM’s plaintext transmission of values and lack of secure password storage further exacerbate the risk.
Find out more on our blog, and review your PAM configurations to protect against this vulnerability.
#CyberSecurity #DFIR #ThreatHunting #PAM #MITREATTACK #FightAgainstCybercrime
🚨 New Threat Research Alert: RansomHub, a rising force in ransomware, has launched an aggressive affiliate program and is targeting key industries worldwide.
Our latest blog dives deep into their tactics, from recruiting former Scattered Spider members to executing double-extortion attacks.
Discover how they’re exploiting unprotected RDP services and exfiltrating massive amounts of data. Stay ahead of the curve—read our detailed analysis and protect your organization from this escalating threat.
🔗 Read Here
Our latest investigation reveals a sophisticated Android malware campaign, codenamed Ajina, targeting Central Asia. Named after a mythical spirit from Uzbek folklore, this malware deceives users by posing as legitimate apps, compromising personal and financial data across the region. Our investigation revealed over 1,400 unique samples, highlighting the attackers' regional knowledge and growing reach.
Discover how these malicious actors are spreading malware through Telegram, the techniques they're using, and the broader implications for users and businesses alike.
🛡️ Stay informed,and stay secure.
Read the full analysis by our experts now
#CyberSecurity #ThreatIntelligence #infosec #FightAgainstCybercrime #AndroidMalware #Telegram
🚨 Under Siege: The Critical Risk of Compromised Mobile Device Management Credentials 🚨
In our latest blog, Nikita Rostovcev, Cyber Intelligence Researcher at Group-IB, delves into the alarming risks posed by compromised Mobile Device Management (MDM) credentials. With over 1,500 login pairs discovered on the dark web, exposing companies to severe cyber threats.
Key Insights:
1️⃣ 27.5% of MDM interfaces accessible from the external Internet
2️⃣ Targeted malware attacks leading to credential theft
3️⃣ Risks to business continuity, data security, and legal compliance
Discover how threat actors exploit these vulnerabilities and what you can do to protect your organization. Learn about essential measures such as re-enrolling devices, continuous dark web monitoring, and implementing MFA.
🔗 Read the full analysis
#Cybersecurity #GroupIB #MDM #DataSecurity #ThreatIntelligence #CyberThreats #MobileSecurity #BusinessContinuity #FightAgainstCybercrime
🚨 Working as an essential/critical entity in Europe? This is for you!
The Network and Information Security Directive 2 (NIS 2) and its definitive cybersecurity requirements are set for regional businesses. With the compliance deadline nearing—October 17, 2024—there's no time to waste!
Get complete information on NIS 2 in our latest blog
✔️Assess if your industry is covered, the compliance criteria, what technology upgrades are required to achieve compliance status, and more.
Unsure of your compliance stance or haven’t achieved full compliance yet? Collaborate with Group-IB experts to get NIS 2 ready. Download the leaflet now
Ensure you meet compliance to avoid financial and legal implications or suspension of business activities. With almost two months left, start building your NIS 2 strategy today!
#NIS2 #CyberSecurity #Compliance #GroupIB #RiskManagement #CyberAwareness #FightAgainstCybercrime
Exposing the GXC Team: AI-Powered Phishing and OTP Interception 🔍
Group-IB has identified the GXC Team, a Spanish-speaking cybercriminal group specializing in AI-powered phishing-as-a-service and Android malware designed to intercept OTP codes. Emerging in early 2023, GXC Team targets Spanish bank users and institutions worldwide with a sophisticated suite of phishing tools and malware.
Our latest blog post provides an in-depth analysis of their operational methods, including the development and distribution of phishing kits, Android malware, and custom coding services. Learn about their malware-as-a-service model, their innovative phishing tactics, and strategies for effective defense against these threats.
Read the full analysis to understand how these cybercriminals operate and learn essential strategies to defend against such threats
#CyberSecurity #Phishing #Malware #BankingSecurity #CyberCriminal #AI #FightAgainstCrime
The Qilin ransomware group recently grabbed headlines with a massive $50 million ransom demand, hitting Synnovis and impacting NHS hospitals in London. Since its emergence from Agenda ransomware, Qilin has evolved into a powerful Rust-based threat, targeting over 150 organizations in 25 countries.
🛡️Our latest blog explores their evolving tactics, including exploitation of Fortinet and Veeam Backup vulnerabilities, precise ransomware deployment arguments, and unique hashing methods. Additionally, the analysis details their privilege escalation techniques, defense evasion methods, and lateral movement via PsExec and VMware vCenter. The ransomware itself utilizes AES-256 CTR or ChaCha20 encryption, further impeding recovery by deleting backups and rebooting systems. It’s essential reading for anyone in cybersecurity to understand and counteract this evolving threat.
🔗 Check out the full blog post
#CyberSecurity #Ransomware #ThreatIntelligence #QilinRansomware #Healthcare #FightAgainstCrime
In March 2023, the vulnerability CVE-2023-27532 was disclosed, yet one company failed to patch their systems in time. This oversight led to a devastating ransomware attack by EstateRansomware in April 2024.
The attackers exploited a dormant account through FortiGate VPN, infiltrating the failover server. They deployed a persistent backdoor, harvested credentials, and disabled defenses, ultimately deploying ransomware that caused significant damage.
Group-IB’s Digital Forensics and Incident Response (DFIR) team investigated, tracing the attack from the initial breach to the ransomware deployment. Our analysis provides crucial insights and practical recommendations to help cybersecurity professionals prevent similar incidents.
Read the full story to learn how timely updates and regular security reviews can protect your organization from such threats
#CyberSecurity #Ransomware #Vulnerability #GroupIB #DFIR
Discover how Eldorado Ransomware, with its advanced encryption techniques and global impact, marks the evolving landscape of cybercrime🕵️♂️.
Our latest blog post delves into the rise of Ransomware-as-a-Service (RaaS) on dark web forums, focusing on ElDorado—a new player recruiting affiliates and providing powerful tools for devastating attacks.
Explore the dramatic increase in ransomware incidents, the secretive forums like RAMP where cybercriminals convene, and the technical workings of ElDorado. Learn crucial strategies to safeguard your organization. Unravel the hidden empire of ElDorado Ransomware in our full analysis.
Read now
#Cybercrime #Ransomware #GroupIB #Cybersecurity #RansomwareAsAService #DarkWeb #InfoSec
App interfaces are built for convenient experiences 📱✨.
But as much as your customers prefer them, adversaries do too, using fake apps to perpetrate fraud, access sensitive information, and take control of devices.
Group-IB’s High-Tech Crime Investigations team analyzed a similar scam scheme involving illegitimate brand apps that were actually Remote Access Trojans (RATs) built using Craxs Rat🕵️♂️.
Developed by EVLF, Craxs Rat continues to be sold as malware-as-a-service and is evolving.
Dive into the complete details and latest developments on Craxs Rat, uncovered by Group-IB to defend yourself from becoming the next victim
#FakeAppScam #Malware #RAT #DarkWeb #CyberInvestigations #FightAgainstCybercrime
We are proud to have played a pivotal role in "Operation DISTANTHILL" alongside the Singapore Police Force, Hong Kong Police Force, and Royal Malaysia Police. Together, we successfully nabbed cyber fraud syndicates behind a notorious Android Remote Access Trojan (RAT) campaign that wreaked havoc in Singapore and Hong Kong in 2023.
After months of intensive data collection and analysis, Group-IB uncovered the vast network used by these cybercriminals, leading to their arrest. More than 4,000 victims were defrauded across Southeast Asia. Among them, the Singapore police recorded 1,899 related cases in 2023 with a total loss of more than US$25 million.
Learn more about how our collaboration with international law enforcement brought down this cybercrime syndicate
#CyberSecurity #CyberCrime #RATCampaign #DataSecurity #CyberFraud #FightAgainstCrime #Android
📢 Breaking News 📢
Group-IB proudly becomes the first Security Operations Center-Capability & Maturity Model (SOC-CMM) Silver Support Partner in the Asia-Pacific region! 🌏
As a Silver Support Partner, Group-IB will leverage its extensive expertise and Digital Crime Resistance Centers (DCRCs) located in the Middle East, Europe, Central Asia, and the Asia-Pacific to deliver SOC-CMM advisory services globally. This partnership aims to enhance global cybersecurity by providing comprehensive assessments, consulting services, and targeted training to Security Operations Centers (SOCs) worldwide.
Read more about our strategic collaboration and its impact on the cybersecurity landscape
#Cybersecurity #GroupIB #SOCCMM #CyberDefense #DigitalCrime #CyberSecurityExcellence