Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
We are proud to have played a pivotal role in "Operation DISTANTHILL" alongside the Singapore Police Force, Hong Kong Police Force, and Royal Malaysia Police. Together, we successfully nabbed cyber fraud syndicates behind a notorious Android Remote Access Trojan (RAT) campaign that wreaked havoc in Singapore and Hong Kong in 2023.

After months of intensive data collection and analysis, Group-IB uncovered the vast network used by these cybercriminals, leading to their arrest. More than 4,000 victims were defrauded across Southeast Asia. Among them, the Singapore police recorded 1,899 related cases in 2023 with a total loss of more than US$25 million.

Learn more about how our collaboration with international law enforcement brought down this cybercrime syndicate

#CyberSecurity #CyberCrime #RATCampaign #DataSecurity #CyberFraud #FightAgainstCrime #Android
🚨 New Blog Alert 🚨

In our latest blog post, we dive deep into the nefarious activities of the threat actor known as Boolka. From opportunistic SQL injection attacks to the creation of sophisticated malware like the BMANAGER modular trojan, discover how Boolka has been infecting websites and stealing data with malicious scripts. Read on to learn about Boolka's tactics, techniques, and the tools used to combat this cyber threat.

Read More

#CyberSecurity #Malware #ThreatIntelligence #Boolka #CyberAttack #DataSecurity #InfoSec
🚨 Under Siege: The Critical Risk of Compromised Mobile Device Management Credentials 🚨

In our latest blog, Nikita Rostovcev, Cyber Intelligence Researcher at Group-IB, delves into the alarming risks posed by compromised Mobile Device Management (MDM) credentials. Over 1,500 login pairs have been discovered on the dark web, exposing companies to severe cyber threats.

Key Insights:

1️⃣ 27.5% of MDM interfaces accessible from the external Internet
2️⃣ Targeted malware attacks leading to credential theft
3️⃣ Risks to business continuity, data security, and legal compliance

Discover how threat actors exploit these vulnerabilities and what you can do to protect your organization. Learn about essential measures such as re-enrolling devices, continuous dark web monitoring, and implementing MFA.

🔗 Read the full analysis

#Cybersecurity #GroupIB #MDM #DataSecurity #ThreatIntelligence #CyberThreats #MobileSecurity #BusinessContinuity #FightAgainstCybercrime
On June 20, 2024, the Indonesian data center experienced a severe ransomware attack by the group Brain Cipher, impacting approximately 210 critical government services, including customs and immigration. This led to significant delays for travelers at airports.

Initially demanding an $8-million ransom, Brain Cipher later released the decryptor for free. Group-IB's High-Tech Crime Investigation team has provided insights into the group's previous activities and tactics, revealing their use of ransom notes and data leak threats as extortion methods. The Brain Cipher group has been active since at least April 2024 and shows connections to other ransomware entities such as EstateRansomware and SenSayQ.

Dive into the inner workings of Brain Cipher on our blog now

#CyberSecurity #Ransomware #DataBreach #InfoSec #CyberCrime #DataSecurity #CyberInvestigation #FightAgainstCybercrime
It's no secret that the dark web has been a breeding ground for cybercriminal activities.

However, with advanced technology, investigative expertise, and effective operations, many adversaries have been shackled, if not entirely stopped, from openly carrying out their malicious activities.

Yet, crime doesn't stop—it shifts. Cybercriminals are now exploiting social media to spread malware, sell stolen data, and recruit accomplices.

At Group-IB, our investigators use manual analysis, specialized tools like Group-IB Threat Intelligence, and social engineering tactics to uncover cybercriminals' hidden motives and gain firsthand insights into emerging trends—helping businesses understand how to protect themselves.

👉 Find out more here.

Think more people should know about this? Like, repost, and share with your network!

#DarkWeb #ThreatIntelligence #SocialEngineering #DataSecurity #FightAgainstCybercrime
89% of IT departments allow bring-your-own-device policies. At the same time, 46% of compromised systems are unmanaged devices mixing personal and corporate accounts.

But how do you detect threats from unmanaged devices if you only monitor the perimeter?

This is the problem with many NDR deployments. They cover north-south traffic, but miss the internal connections where credential theft and lateral movement unfold.

Group-IB's new blog post explains what real internal visibility looks like and why it matters.

#CyberSecurity #NDR #EndpointProtection #DataSecurity #ThreatDetection #FightAgainstCybercrime