-
Your daily source of cybersecurity news brought to you by one of the global industry leaders.
We infiltrated the notorious Cicada3301 Ransomware-as-a-Service (RaaS) group, and in our latest blog, we take a closer look into their platform and operations. Since its discovery in June 2024, the Cicada3301 ransomware-as-a-service (RaaS) group has targeted various critical sectors, publishing stolen data from 30 companies on leak sites between June and October 2024.
Discover how their advanced multi-platform ransomware, written in Rust, exploits vulnerabilities in Windows, Linux, ESXi, and even PowerPC architectures. Learn about their affiliate model, aggressive tactics, and the complex encryption techniques that make them a formidable threat.
👉 Read more to uncover the inner workings of Cicada3301 and how to stay ahead in the fight against ransomware
#Cybersecurity #Ransomware #Cicada3301 #ThreatIntelligence #FightAgainstCybercrime
Unveiling the Secrets of USB Forensics 🔍
Ever wondered how USB artifacts can reveal crucial insights into file tampering and user activities?
Our latest blog explores how different operating systems and file systems affect the creation of these vital data traces. Learn how Windows, macOS, and Linux handle file access differently, and discover key findings on temporary files, NTFS logs, and hidden macOS databases.
Explore the full analysis now
#USBForensics #Cybersecurity #DFIR #IncidentResponse #FileSystemAnalysis #FightAgainstCybercrime
🚨 Pig Butchering Scam Alert 🚨
Fake trading apps are targeting iOS and Android users worldwide, posing a serious threat to your finances! 💰
Discover how cybercriminals are luring victims with promises of easy money, only to steal it all through fraudulent investment platforms. Group-IB experts have uncovered the latest tactics used in this large-scale scam. Protect yourself today!
🔗 Read the full report and stay safe.
#CyberSecurity #PigButchering #ScamAlert #FraudProtection #GroupIB #FinTechScam
AVO bank, a new digital bank in Uzbekistan, faced rising cyber threats as its digital services grew rapidly. With over 1 million app downloads in just 3 months, the bank needed a strong cybersecurity strategy to protect customers’ data.
By partnering with Group-IB and leveraging solutions like Threat Intelligence and MXDR, AVO bank strengthened its security posture and now provides multi-layered protection for its customers.
Interested in finding out the details?
Read the full case study here.
#Cybersecurity #DigitalBanking
We are pleased to welcome Craig Jones, former Director of Cybercrime at INTERPOL, as an Independent Strategic Advisor to Group-IB. With over three decades of experience in global law enforcement, including his leadership at INTERPOL’s Cybercrime Directorate, Craig brings a wealth of expertise to our mission of combating digital threats.
In his new role, Craig will collaborate with our CEO, Dmitry Volkov, and the Executive Team to shape Group-IB’s long-term strategy, guide market positioning, and strengthen our global efforts to stop cybercriminals.
We look forward to working with Craig as we continue to build a safer digital environment for businesses and communities worldwide.
Read More
#Cybersecurity #DigitalSafety #CyberThreats #FightAgainstCybercrime
⚠️ Is TeamTNT Back? Cloud Infrastructures at Risk Again
After disappearing in 2022, TeamTNT—a notorious threat actor known for targeting cloud environments—may be back with new campaigns impacting VPS infrastructures. Group-IB's DFIR team has uncovered alarming signs of their return, utilizing SSH brute force attacks and custom scripts to compromise systems, disable security features, and hijack cryptocurrency miners.
Explore our latest research to dive deeper into TeamTNT's evolving tactics and their potential resurgence.
🔗 Read the full blog now and stay ahead.
#TeamTNT #CloudSecurity #DFIR #CyberSecurity #FightAgainstCybercrime
We are proud to celebrate the recognition of Anastasia Tikhonova and Ha Hai Phan, who won the Top Women in Security ASEAN Region Award for Thailand and Vietnam.
Vesta Matveeva and Sharmine Low were also named among the top 30 finalists.
Their groundbreaking work in threat intelligence, cybercrime investigations, and malware analysis has significantly advanced global cybersecurity and supported law enforcement efforts. Every day, their expertise continues to enrich the cybersecurity community and strengthen defenses against emerging threats.
Learn more
🔒 With breaches increasing by 72% last year⬆, the expertise needed to manage them effectively is at an all-time low⬇️.
The result? A growing gap that heightens risks for businesses and customers.
Closing the gap requires enabling investment-friendly, continuous, and expert-guided cybersecurity—with Digital Forensics and Incident Response (DFIR) retainer services.
The Gartner® report, Market Guide for Digital Forensics and Incident Response Retainer Services, offers valuable insights and mentions Group-IB as a Representative Vendor for our "Group-IB Incident Response Retainer" service.
Excited to announce Group-IB's recognition as a Representative Vendor for the fourth consecutive time.
Get complete information here.
P.S. Don’t forget to share it within your network!
#Cybersecurity #DFIR #Gartner #MarketGuide #RiskManagement #FightAgainstCybercrime
🚨 Lazarus Group's Latest Scheme: Beaver Fever 2024 🚨
Lazarus Group has intensified its operations with a new campaign using fraudulent job interviews and malicious video conferencing apps to deploy their latest malware—BeaverTail and InvisibleFerret. Our recent analysis at Group-IB reveals:
🔹 Malware Details: BeaverTail, a sophisticated Python-based backdoor, and InvisibleFerret, targeting both cryptocurrency wallets and browser extensions.
🔹 New Tactics: Utilization of hijacked gaming projects and advanced evasion techniques.
Stay informed and protect your digital assets by reading our comprehensive report on these emerging threats.
🔗 Explore the full analysis
#Cybersecurity #Malware #ThreatAnalysis #LazarusGroup #GroupIB #BeaverTail #CyberThreats #MalwareAnalysis
Explore how Linux's procfs can be exploited to conceal processes from administrators. Although /proc provides critical system and process information, techniques such as remounting can be used to obscure active processes.
Read more about this exploit and more, and how administrators can protect their systems on our blog!
#cybersecurity #linux #exploit
On June 20, 2024, the Indonesian data center experienced a severe ransomware attack by the group Brain Cipher, impacting approximately 210 critical government services, including customs and immigration. This led to significant delays for travelers at airports.
Initially demanding an $8-million ransom, Brain Cipher later released the decryptor for free. Group-IB's High-Tech Crime Investigation team has provided insights into the group's previous activities and tactics, revealing their use of ransom notes and data leak threats as extortion methods. The Brain Cipher group has been active since at least April 2024 and shows connections to other ransomware entities such as EstateRansomware and SenSayQ.
Dive into the inner workings of Brain Cipher on our blog now
#CyberSecurity #Ransomware #DataBreach #InfoSec #CyberCrime #DataSecurity #CyberInvestigation #FightAgainstCybercrime
At #CyberDSA2024, CyberSecurity Malaysia and Group-IB signed a Memorandum of Understanding (MOU) to boost Malaysia's cyber resilience and safeguard its critical IT infrastructure. The MOU includes provisions for information sharing on cyber threats, technical support, cybersecurity training, and emergency response coordination. It also aims to increase cybersecurity awareness, support SMEs, and use Group-IB’s Digital Crime Resistance Centers for threat analysis and joint cybercrime operations. The agreement was signed on 6 August 2024 in Kuala Lumpur, with key figures from both organizations and the Ministry of Digital present.
🔗 Read more
#CyberSecurity #Malaysia #CyberResilience #CyberThreats #CybersecurityAwareness #FightAgainstCybercrime
🚨 Beware the RAT: Android Remote Access Malware Strikes in Malaysia 🚨
CraxsRAT, an advanced Android Remote Administration Tool (RAT), is wreaking havoc in Malaysia. This notorious malware allows fraudsters to remotely control devices, steal credentials, and drain bank accounts. Our investigation reveals CraxsRAT's sophisticated phishing tactics, where victims are lured to download malicious apps from fake websites mimicking local brands. Within minutes, credentials are stolen, leading to unauthorized withdrawals.
Group-IB's Fraud Protection team has detected over 210 samples and developed cutting-edge detection rules to combat this evolving threat. Stay informed and protect your organization with our in-depth analysis.
🔍 Read the full technical report
#CyberSecurity #Malware #FraudProtection #CraxsRAT #BankingSecurity #ThreatIntelligence
AI enables cybercriminals to launch attacks faster, more frequently, and with greater impact. However, viewing AI as a threat only applies to businesses that don’t leverage it to gain a cybersecurity advantage.
Hear what Group-IB’s CEO, Dmitry Volkov, says and discover how to make AI work for you in our new Cybersecurity x AI eGuide
#AI #cybersecurity #cyberattacks #technology #cybercrime #business #infosec
🖥 Expanding your digital footprint with interfaces, channels, and customer interactions amplifies cyber risks.
And when a risk escalates into a major disruption, do you have the expertise and technology to immediately stop it? 🤔
🏆 Discover how Group-IB’s Digital Risk Protection monitors, detects, and takes down brand risks and violations in real time, all with minimal intervention from your end.
Curious to know how it works? Dive into our full blog to uncover
#GroupIB #DigitalRiskProtection #Cybersecurity #BrandProtection #FightAgainstCybercrime
New and potent cyber threats are jolting Asia’s digital banking scene, and conventional anti-fraud systems fail to keep up.
As the payment value chain faces constant threats, compliance and ethical expectations from brands continue to rise.
🤔 This also raises critical questions they can no longer avoid: How can fraud be stopped in real-time, and who is ultimately responsible when it happens?
Conventional anti-fraud and transaction monitoring aren’t enough — analyzing devices, telemetry signals, and risk behaviors is essential for detecting early signs of abuse and stopping fraud before it escalates.
Learn how Group-IB Fraud Protection and anti-fraud experts are helping banks gather crucial real-time insights, strengthen protection, prevent new fraud vectors, and bring significant savings.
The blog is now out
#CyberSecurity #DigitalBanking #FraudPrevention #PaymentSecurity #FraudDetection #AsiaTech #FightAgainstCybercrime
We are delighted to have contributed to INTERPOL's "Operation Contender 2.0." which led to the arrest of two individuals by the Nigerian Police Force for their role in a romance scam that resulted in significant financial losses for a victim in Finland.
As an INTERPOL Gateway Partner, Group-IB provided vital intelligence that helped law enforcement pinpoint and apprehend these cybercriminals. Our ongoing support for Operation Contender 2.0 reflects our commitment to combating digital crime and protecting victims worldwide.
Read More
#INTERPOL #OperationContender #Cybercrime #DigitalCrime #Cybersecurity #LawEnforcement #VictimsRights #FightAgainstCybercrime
🚨 Strengthening Brunei’s cybersecurity!
Group-IB and ITPSS are officially teaming up to protect the nation's digital future!
From cyber threat intelligence to rapid incident response, our partnership is set to enhance Brunei’s defenses and safeguard critical infrastructure, businesses, and citizens. Together, we’re paving the way for a smarter, safer digital landscape aligned with Brunei’s Vision 2035. 🌐
Read more.
#GroupIB #ITPSS #CyberSecurityBrunei #DigitalDefense #CySec2024 #Vision2035 #CyberResilience #StrongerTogether
What if the next ransomware attack isn't just about encryption?
The DragonForce ransomware group is reshaping the threat landscape with customized attacks, dual extortion tactics, and tools for affiliates to wreak havoc.
Dive into our latest research as Group-IB’s experts reveal the inside story of DragonForce's evolution and its relentless pursuit of critical industries worldwide.
🔗 Read the full blog to stay ahead.
#cybersecurity #ransomware #InfoSec #DataProtection #CyberThreats #FightAgainstCybercrime
Group-IB is proud to have supported international “Operation Kaerb," a joint effort coordinated by Europol and Ameripol in partnership with European and Latin American law enforcement agencies and judiciary authorities, leading to the arrest of 17 individuals behind the iServer phishing-as-a-service platform. The cybercriminals claimed over 483,000 mobile phone victims globally. Group-IB's continued collaboration with international partners underscores our commitment to combating cybercrime and protecting users worldwide.
Read more about this successful operation and our role in it.
#Cybercrime #Phishing #Cybersecurity #GroupIB #DigitalSafety #LawEnforcement #CyberFraud
It's no secret that the dark web has been a breeding ground for cybercriminal activities.
However, with advanced technology, investigative expertise, and effective operations, many adversaries have been shackled, if not entirely stopped, from openly carrying out their malicious activities.
Yet, crime doesn’t stop—it shifts. Cybercriminals are now exploiting social media to spread malware, sell stolen data, and recruit accomplices.
At Group-IB, our investigators use manual analysis, specialized tools like Group-IB Threat Intelligence, and social engineering tactics to uncover cybercriminals' hidden motives and gain firsthand insights into emerging trends—helping businesses understand how to protect themselves.
👉 Find out more here.
Think more people should know about this? Like, repost, and share with your network!
#DarkWeb #ThreatIntelligence #SocialEngineering #DataSecurity #FightAgainstCybercrime
Our latest investigation reveals a sophisticated Android malware campaign, codenamed Ajina, targeting Central Asia. Named after a mythical spirit from Uzbek folklore, this malware deceives users by posing as legitimate apps, compromising personal and financial data across the region. Our investigation revealed over 1,400 unique samples, highlighting the attackers' regional knowledge and growing reach.
Discover how these malicious actors are spreading malware through Telegram, the techniques they're using, and the broader implications for users and businesses alike.
🛡️ Stay informed and stay secure.
Read the full analysis by our experts now
#CyberSecurity #ThreatIntelligence #infosec #FightAgainstCybercrime #AndroidMalware #Telegram
The Group-IB DFIR Team has identified a new technique that exploits the pam_exec module to gain privileged shell access and establish persistent control on compromised hosts.
The flexibility of the Pluggable Authentication Module (PAM) poses risks, particularly with pam_exec, which can be used to run malicious scripts. These scripts can be injected into PAM configurations, allowing attackers to maintain access and manipulate authentication processes undetected. PAM’s plaintext transmission of values and lack of secure password storage further exacerbate the risk.
Find out more on our blog, and review your PAM configurations to protect against this vulnerability.
#CyberSecurity #DFIR #ThreatHunting #PAM #MITREATTACK #FightAgainstCybercrime
🚨 New Threat Research Alert: RansomHub, a rising force in ransomware, has launched an aggressive affiliate program and is targeting key industries worldwide.
Our latest blog dives deep into their tactics, from recruiting former Scattered Spider members to executing double-extortion attacks.
Discover how they’re exploiting unprotected RDP services and exfiltrating massive amounts of data. Stay ahead of the curve—read our detailed analysis and protect your organization from this escalating threat.
🔗 Read Here
Our latest investigation reveals a sophisticated Android malware campaign, codenamed Ajina, targeting Central Asia. Named after a mythical spirit from Uzbek folklore, this malware deceives users by posing as legitimate apps, compromising personal and financial data across the region. Our investigation revealed over 1,400 unique samples, highlighting the attackers' regional knowledge and growing reach.
Discover how these malicious actors are spreading malware through Telegram, the techniques they're using, and the broader implications for users and businesses alike.
🛡️ Stay informed,and stay secure.
Read the full analysis by our experts now
#CyberSecurity #ThreatIntelligence #infosec #FightAgainstCybercrime #AndroidMalware #Telegram
🚨 Under Siege: The Critical Risk of Compromised Mobile Device Management Credentials 🚨
In our latest blog, Nikita Rostovcev, Cyber Intelligence Researcher at Group-IB, delves into the alarming risks posed by compromised Mobile Device Management (MDM) credentials. With over 1,500 login pairs discovered on the dark web, exposing companies to severe cyber threats.
Key Insights:
1️⃣ 27.5% of MDM interfaces accessible from the external Internet
2️⃣ Targeted malware attacks leading to credential theft
3️⃣ Risks to business continuity, data security, and legal compliance
Discover how threat actors exploit these vulnerabilities and what you can do to protect your organization. Learn about essential measures such as re-enrolling devices, continuous dark web monitoring, and implementing MFA.
🔗 Read the full analysis
#Cybersecurity #GroupIB #MDM #DataSecurity #ThreatIntelligence #CyberThreats #MobileSecurity #BusinessContinuity #FightAgainstCybercrime
🚨 Working as an essential/critical entity in Europe? This is for you!
The Network and Information Security Directive 2 (NIS 2) and its definitive cybersecurity requirements are set for regional businesses. With the compliance deadline nearing—October 17, 2024—there's no time to waste!
Get complete information on NIS 2 in our latest blog
✔️Assess if your industry is covered, the compliance criteria, what technology upgrades are required to achieve compliance status, and more.
Unsure of your compliance stance or haven’t achieved full compliance yet? Collaborate with Group-IB experts to get NIS 2 ready. Download the leaflet now
Ensure you meet compliance to avoid financial and legal implications or suspension of business activities. With almost two months left, start building your NIS 2 strategy today!
#NIS2 #CyberSecurity #Compliance #GroupIB #RiskManagement #CyberAwareness #FightAgainstCybercrime
Exposing the GXC Team: AI-Powered Phishing and OTP Interception 🔍
Group-IB has identified the GXC Team, a Spanish-speaking cybercriminal group specializing in AI-powered phishing-as-a-service and Android malware designed to intercept OTP codes. Emerging in early 2023, GXC Team targets Spanish bank users and institutions worldwide with a sophisticated suite of phishing tools and malware.
Our latest blog post provides an in-depth analysis of their operational methods, including the development and distribution of phishing kits, Android malware, and custom coding services. Learn about their malware-as-a-service model, their innovative phishing tactics, and strategies for effective defense against these threats.
Read the full analysis to understand how these cybercriminals operate and learn essential strategies to defend against such threats
#CyberSecurity #Phishing #Malware #BankingSecurity #CyberCriminal #AI #FightAgainstCrime
The Qilin ransomware group recently grabbed headlines with a massive $50 million ransom demand, hitting Synnovis and impacting NHS hospitals in London. Since its emergence from Agenda ransomware, Qilin has evolved into a powerful Rust-based threat, targeting over 150 organizations in 25 countries.
🛡️Our latest blog explores their evolving tactics, including exploitation of Fortinet and Veeam Backup vulnerabilities, precise ransomware deployment arguments, and unique hashing methods. Additionally, the analysis details their privilege escalation techniques, defense evasion methods, and lateral movement via PsExec and VMware vCenter. The ransomware itself utilizes AES-256 CTR or ChaCha20 encryption, further impeding recovery by deleting backups and rebooting systems. It’s essential reading for anyone in cybersecurity to understand and counteract this evolving threat.
🔗 Check out the full blog post
#CyberSecurity #Ransomware #ThreatIntelligence #QilinRansomware #Healthcare #FightAgainstCrime
In March 2023, the vulnerability CVE-2023-27532 was disclosed, yet one company failed to patch their systems in time. This oversight led to a devastating ransomware attack by EstateRansomware in April 2024.
The attackers exploited a dormant account through FortiGate VPN, infiltrating the failover server. They deployed a persistent backdoor, harvested credentials, and disabled defenses, ultimately deploying ransomware that caused significant damage.
Group-IB’s Digital Forensics and Incident Response (DFIR) team investigated, tracing the attack from the initial breach to the ransomware deployment. Our analysis provides crucial insights and practical recommendations to help cybersecurity professionals prevent similar incidents.
Read the full story to learn how timely updates and regular security reviews can protect your organization from such threats
#CyberSecurity #Ransomware #Vulnerability #GroupIB #DFIR