At #CyberDSA2024, CyberSecurity Malaysia and Group-IB signed a Memorandum of Understanding (MOU) to boost Malaysia's cyber resilience and safeguard its critical IT infrastructure. The MOU includes provisions for information sharing on cyber threats, technical support, cybersecurity training, and emergency response coordination. It also aims to increase cybersecurity awareness, support SMEs, and use Group-IB’s Digital Crime Resistance Centers for threat analysis and joint cybercrime operations. The agreement was signed on 6 August 2024 in Kuala Lumpur, with key figures from both organizations and the Ministry of Digital present.
🔗 Read more
#CyberSecurity #Malaysia #CyberResilience #CyberThreats #CybersecurityAwareness #FightAgainstCybercrime
🔗 Read more
#CyberSecurity #Malaysia #CyberResilience #CyberThreats #CybersecurityAwareness #FightAgainstCybercrime
🔥12👍1
🚨 Under Siege: The Critical Risk of Compromised Mobile Device Management Credentials 🚨
In our latest blog, Nikita Rostovcev, Cyber Intelligence Researcher at Group-IB, delves into the alarming risks posed by compromised Mobile Device Management (MDM) credentials. With over 1,500 login pairs discovered on the dark web, exposing companies to severe cyber threats.
Key Insights:
1️⃣ 27.5% of MDM interfaces accessible from the external Internet
2️⃣ Targeted malware attacks leading to credential theft
3️⃣ Risks to business continuity, data security, and legal compliance
Discover how threat actors exploit these vulnerabilities and what you can do to protect your organization. Learn about essential measures such as re-enrolling devices, continuous dark web monitoring, and implementing MFA.
🔗 Read the full analysis
#Cybersecurity #GroupIB #MDM #DataSecurity #ThreatIntelligence #CyberThreats #MobileSecurity #BusinessContinuity #FightAgainstCybercrime
In our latest blog, Nikita Rostovcev, Cyber Intelligence Researcher at Group-IB, delves into the alarming risks posed by compromised Mobile Device Management (MDM) credentials. With over 1,500 login pairs discovered on the dark web, exposing companies to severe cyber threats.
Key Insights:
1️⃣ 27.5% of MDM interfaces accessible from the external Internet
2️⃣ Targeted malware attacks leading to credential theft
3️⃣ Risks to business continuity, data security, and legal compliance
Discover how threat actors exploit these vulnerabilities and what you can do to protect your organization. Learn about essential measures such as re-enrolling devices, continuous dark web monitoring, and implementing MFA.
🔗 Read the full analysis
#Cybersecurity #GroupIB #MDM #DataSecurity #ThreatIntelligence #CyberThreats #MobileSecurity #BusinessContinuity #FightAgainstCybercrime
🔥8
On June 20, 2024, the Indonesian data center experienced a severe ransomware attack by the group Brain Cipher, impacting approximately 210 critical government services, including customs and immigration. This led to significant delays for travelers at airports.
Initially demanding an $8-million ransom, Brain Cipher later released the decryptor for free. Group-IB's High-Tech Crime Investigation team has provided insights into the group's previous activities and tactics, revealing their use of ransom notes and data leak threats as extortion methods. The Brain Cipher group has been active since at least April 2024 and shows connections to other ransomware entities such as EstateRansomware and SenSayQ.
Dive into the inner workings of Brain Cipher on our blog now
#CyberSecurity #Ransomware #DataBreach #InfoSec #CyberCrime #DataSecurity #CyberInvestigation #FightAgainstCybercrime
Initially demanding an $8-million ransom, Brain Cipher later released the decryptor for free. Group-IB's High-Tech Crime Investigation team has provided insights into the group's previous activities and tactics, revealing their use of ransom notes and data leak threats as extortion methods. The Brain Cipher group has been active since at least April 2024 and shows connections to other ransomware entities such as EstateRansomware and SenSayQ.
Dive into the inner workings of Brain Cipher on our blog now
#CyberSecurity #Ransomware #DataBreach #InfoSec #CyberCrime #DataSecurity #CyberInvestigation #FightAgainstCybercrime
🔥9👍3
Explore how Linux's procfs can be exploited to conceal processes from administrators. Although /proc provides critical system and process information, techniques such as remounting can be used to obscure active processes.
Read more about this exploit and more, and how administrators can protect their systems on our blog!
#cybersecurity #linux #exploit
Read more about this exploit and more, and how administrators can protect their systems on our blog!
#cybersecurity #linux #exploit
🔥10❤3
🚨 New Threat Research Alert: RansomHub, a rising force in ransomware, has launched an aggressive affiliate program and is targeting key industries worldwide.
Our latest blog dives deep into their tactics, from recruiting former Scattered Spider members to executing double-extortion attacks.
Discover how they’re exploiting unprotected RDP services and exfiltrating massive amounts of data. Stay ahead of the curve—read our detailed analysis and protect your organization from this escalating threat.
🔗 Read Here
Our latest blog dives deep into their tactics, from recruiting former Scattered Spider members to executing double-extortion attacks.
Discover how they’re exploiting unprotected RDP services and exfiltrating massive amounts of data. Stay ahead of the curve—read our detailed analysis and protect your organization from this escalating threat.
🔗 Read Here
👍11
🚨 Lazarus Group's Latest Scheme: Beaver Fever 2024 🚨
Lazarus Group has intensified its operations with a new campaign using fraudulent job interviews and malicious video conferencing apps to deploy their latest malware—BeaverTail and InvisibleFerret. Our recent analysis at Group-IB reveals:
🔹 Malware Details: BeaverTail, a sophisticated Python-based backdoor, and InvisibleFerret, targeting both cryptocurrency wallets and browser extensions.
🔹 New Tactics: Utilization of hijacked gaming projects and advanced evasion techniques.
Stay informed and protect your digital assets by reading our comprehensive report on these emerging threats.
🔗 Explore the full analysis
#Cybersecurity #Malware #ThreatAnalysis #LazarusGroup #GroupIB #BeaverTail #CyberThreats #MalwareAnalysis
Lazarus Group has intensified its operations with a new campaign using fraudulent job interviews and malicious video conferencing apps to deploy their latest malware—BeaverTail and InvisibleFerret. Our recent analysis at Group-IB reveals:
🔹 Malware Details: BeaverTail, a sophisticated Python-based backdoor, and InvisibleFerret, targeting both cryptocurrency wallets and browser extensions.
🔹 New Tactics: Utilization of hijacked gaming projects and advanced evasion techniques.
Stay informed and protect your digital assets by reading our comprehensive report on these emerging threats.
🔗 Explore the full analysis
#Cybersecurity #Malware #ThreatAnalysis #LazarusGroup #GroupIB #BeaverTail #CyberThreats #MalwareAnalysis
🔥9❤1👍1
The Group-IB DFIR Team has identified a new technique that exploits the pam_exec module to gain privileged shell access and establish persistent control on compromised hosts.
The flexibility of the Pluggable Authentication Module (PAM) poses risks, particularly with pam_exec, which can be used to run malicious scripts. These scripts can be injected into PAM configurations, allowing attackers to maintain access and manipulate authentication processes undetected. PAM’s plaintext transmission of values and lack of secure password storage further exacerbate the risk.
Find out more on our blog, and review your PAM configurations to protect against this vulnerability.
#CyberSecurity #DFIR #ThreatHunting #PAM #MITREATTACK #FightAgainstCybercrime
The flexibility of the Pluggable Authentication Module (PAM) poses risks, particularly with pam_exec, which can be used to run malicious scripts. These scripts can be injected into PAM configurations, allowing attackers to maintain access and manipulate authentication processes undetected. PAM’s plaintext transmission of values and lack of secure password storage further exacerbate the risk.
Find out more on our blog, and review your PAM configurations to protect against this vulnerability.
#CyberSecurity #DFIR #ThreatHunting #PAM #MITREATTACK #FightAgainstCybercrime
🔥10❤3👍2👏1
🔒 With breaches increasing by 72% last year⬆, the expertise needed to manage them effectively is at an all-time low⬇️.
The result? A growing gap that heightens risks for businesses and customers.
Closing the gap requires enabling investment-friendly, continuous, and expert-guided cybersecurity—with Digital Forensics and Incident Response (DFIR) retainer services.
The Gartner® report, Market Guide for Digital Forensics and Incident Response Retainer Services, offers valuable insights and mentions Group-IB as a Representative Vendor for our "Group-IB Incident Response Retainer" service.
Excited to announce Group-IB's recognition as a Representative Vendor for the fourth consecutive time.
Get complete information here.
P.S. Don’t forget to share it within your network!
#Cybersecurity #DFIR #Gartner #MarketGuide #RiskManagement #FightAgainstCybercrime
The result? A growing gap that heightens risks for businesses and customers.
Closing the gap requires enabling investment-friendly, continuous, and expert-guided cybersecurity—with Digital Forensics and Incident Response (DFIR) retainer services.
The Gartner® report, Market Guide for Digital Forensics and Incident Response Retainer Services, offers valuable insights and mentions Group-IB as a Representative Vendor for our "Group-IB Incident Response Retainer" service.
Excited to announce Group-IB's recognition as a Representative Vendor for the fourth consecutive time.
Get complete information here.
P.S. Don’t forget to share it within your network!
#Cybersecurity #DFIR #Gartner #MarketGuide #RiskManagement #FightAgainstCybercrime
👍11❤4
Our latest investigation reveals a sophisticated Android malware campaign, codenamed Ajina, targeting Central Asia. Named after a mythical spirit from Uzbek folklore, this malware deceives users by posing as legitimate apps, compromising personal and financial data across the region. Our investigation revealed over 1,400 unique samples, highlighting the attackers' regional knowledge and growing reach.
Discover how these malicious actors are spreading malware through Telegram, the techniques they're using, and the broader implications for users and businesses alike.
🛡️ Stay informed and stay secure.
Read the full analysis by our experts now
#CyberSecurity #ThreatIntelligence #infosec #FightAgainstCybercrime #AndroidMalware #Telegram
Discover how these malicious actors are spreading malware through Telegram, the techniques they're using, and the broader implications for users and businesses alike.
🛡️ Stay informed and stay secure.
Read the full analysis by our experts now
#CyberSecurity #ThreatIntelligence #infosec #FightAgainstCybercrime #AndroidMalware #Telegram
👍7🔥5
We are proud to celebrate the recognition of Anastasia Tikhonova and Ha Hai Phan, who won the Top Women in Security ASEAN Region Award for Thailand and Vietnam.
Vesta Matveeva and Sharmine Low were also named among the top 30 finalists.
Their groundbreaking work in threat intelligence, cybercrime investigations, and malware analysis has significantly advanced global cybersecurity and supported law enforcement efforts. Every day, their expertise continues to enrich the cybersecurity community and strengthen defenses against emerging threats.
Learn more
Vesta Matveeva and Sharmine Low were also named among the top 30 finalists.
Their groundbreaking work in threat intelligence, cybercrime investigations, and malware analysis has significantly advanced global cybersecurity and supported law enforcement efforts. Every day, their expertise continues to enrich the cybersecurity community and strengthen defenses against emerging threats.
Learn more
🔥24❤11🏆3👏2
It's no secret that the dark web has been a breeding ground for cybercriminal activities.
However, with advanced technology, investigative expertise, and effective operations, many adversaries have been shackled, if not entirely stopped, from openly carrying out their malicious activities.
Yet, crime doesn’t stop—it shifts. Cybercriminals are now exploiting social media to spread malware, sell stolen data, and recruit accomplices.
At Group-IB, our investigators use manual analysis, specialized tools like Group-IB Threat Intelligence, and social engineering tactics to uncover cybercriminals' hidden motives and gain firsthand insights into emerging trends—helping businesses understand how to protect themselves.
👉 Find out more here.
Think more people should know about this? Like, repost, and share with your network!
#DarkWeb #ThreatIntelligence #SocialEngineering #DataSecurity #FightAgainstCybercrime
However, with advanced technology, investigative expertise, and effective operations, many adversaries have been shackled, if not entirely stopped, from openly carrying out their malicious activities.
Yet, crime doesn’t stop—it shifts. Cybercriminals are now exploiting social media to spread malware, sell stolen data, and recruit accomplices.
At Group-IB, our investigators use manual analysis, specialized tools like Group-IB Threat Intelligence, and social engineering tactics to uncover cybercriminals' hidden motives and gain firsthand insights into emerging trends—helping businesses understand how to protect themselves.
👉 Find out more here.
Think more people should know about this? Like, repost, and share with your network!
#DarkWeb #ThreatIntelligence #SocialEngineering #DataSecurity #FightAgainstCybercrime
❤8👍3
⚠️ Is TeamTNT Back? Cloud Infrastructures at Risk Again
After disappearing in 2022, TeamTNT—a notorious threat actor known for targeting cloud environments—may be back with new campaigns impacting VPS infrastructures. Group-IB's DFIR team has uncovered alarming signs of their return, utilizing SSH brute force attacks and custom scripts to compromise systems, disable security features, and hijack cryptocurrency miners.
Explore our latest research to dive deeper into TeamTNT's evolving tactics and their potential resurgence.
🔗 Read the full blog now and stay ahead.
#TeamTNT #CloudSecurity #DFIR #CyberSecurity #FightAgainstCybercrime
After disappearing in 2022, TeamTNT—a notorious threat actor known for targeting cloud environments—may be back with new campaigns impacting VPS infrastructures. Group-IB's DFIR team has uncovered alarming signs of their return, utilizing SSH brute force attacks and custom scripts to compromise systems, disable security features, and hijack cryptocurrency miners.
Explore our latest research to dive deeper into TeamTNT's evolving tactics and their potential resurgence.
🔗 Read the full blog now and stay ahead.
#TeamTNT #CloudSecurity #DFIR #CyberSecurity #FightAgainstCybercrime
👍7👀3
Group-IB is proud to have supported international “Operation Kaerb," a joint effort coordinated by Europol and Ameripol in partnership with European and Latin American law enforcement agencies and judiciary authorities, leading to the arrest of 17 individuals behind the iServer phishing-as-a-service platform. The cybercriminals claimed over 483,000 mobile phone victims globally. Group-IB's continued collaboration with international partners underscores our commitment to combating cybercrime and protecting users worldwide.
Read more about this successful operation and our role in it.
#Cybercrime #Phishing #Cybersecurity #GroupIB #DigitalSafety #LawEnforcement #CyberFraud
Read more about this successful operation and our role in it.
#Cybercrime #Phishing #Cybersecurity #GroupIB #DigitalSafety #LawEnforcement #CyberFraud
🔥18👍4❤1
We are pleased to welcome Craig Jones, former Director of Cybercrime at INTERPOL, as an Independent Strategic Advisor to Group-IB. With over three decades of experience in global law enforcement, including his leadership at INTERPOL’s Cybercrime Directorate, Craig brings a wealth of expertise to our mission of combating digital threats.
In his new role, Craig will collaborate with our CEO, Dmitry Volkov, and the Executive Team to shape Group-IB’s long-term strategy, guide market positioning, and strengthen our global efforts to stop cybercriminals.
We look forward to working with Craig as we continue to build a safer digital environment for businesses and communities worldwide.
Read More
#Cybersecurity #DigitalSafety #CyberThreats #FightAgainstCybercrime
In his new role, Craig will collaborate with our CEO, Dmitry Volkov, and the Executive Team to shape Group-IB’s long-term strategy, guide market positioning, and strengthen our global efforts to stop cybercriminals.
We look forward to working with Craig as we continue to build a safer digital environment for businesses and communities worldwide.
Read More
#Cybersecurity #DigitalSafety #CyberThreats #FightAgainstCybercrime
🔥33👍15🤯4❤1👎1🤡1🤣1
What if the next ransomware attack isn't just about encryption?
The DragonForce ransomware group is reshaping the threat landscape with customized attacks, dual extortion tactics, and tools for affiliates to wreak havoc.
Dive into our latest research as Group-IB’s experts reveal the inside story of DragonForce's evolution and its relentless pursuit of critical industries worldwide.
🔗 Read the full blog to stay ahead.
#cybersecurity #ransomware #InfoSec #DataProtection #CyberThreats #FightAgainstCybercrime
The DragonForce ransomware group is reshaping the threat landscape with customized attacks, dual extortion tactics, and tools for affiliates to wreak havoc.
Dive into our latest research as Group-IB’s experts reveal the inside story of DragonForce's evolution and its relentless pursuit of critical industries worldwide.
🔗 Read the full blog to stay ahead.
#cybersecurity #ransomware #InfoSec #DataProtection #CyberThreats #FightAgainstCybercrime
🔥9👍2
AVO bank, a new digital bank in Uzbekistan, faced rising cyber threats as its digital services grew rapidly. With over 1 million app downloads in just 3 months, the bank needed a strong cybersecurity strategy to protect customers’ data.
By partnering with Group-IB and leveraging solutions like Threat Intelligence and MXDR, AVO bank strengthened its security posture and now provides multi-layered protection for its customers.
Interested in finding out the details?
Read the full case study here.
#Cybersecurity #DigitalBanking
By partnering with Group-IB and leveraging solutions like Threat Intelligence and MXDR, AVO bank strengthened its security posture and now provides multi-layered protection for its customers.
Interested in finding out the details?
Read the full case study here.
#Cybersecurity #DigitalBanking
🔥19
🚨 Strengthening Brunei’s cybersecurity!
Group-IB and ITPSS are officially teaming up to protect the nation's digital future!
From cyber threat intelligence to rapid incident response, our partnership is set to enhance Brunei’s defenses and safeguard critical infrastructure, businesses, and citizens. Together, we’re paving the way for a smarter, safer digital landscape aligned with Brunei’s Vision 2035. 🌐
Read more.
#GroupIB #ITPSS #CyberSecurityBrunei #DigitalDefense #CySec2024 #Vision2035 #CyberResilience #StrongerTogether
Group-IB and ITPSS are officially teaming up to protect the nation's digital future!
From cyber threat intelligence to rapid incident response, our partnership is set to enhance Brunei’s defenses and safeguard critical infrastructure, businesses, and citizens. Together, we’re paving the way for a smarter, safer digital landscape aligned with Brunei’s Vision 2035. 🌐
Read more.
#GroupIB #ITPSS #CyberSecurityBrunei #DigitalDefense #CySec2024 #Vision2035 #CyberResilience #StrongerTogether
👍11
🚨 Pig Butchering Scam Alert 🚨
Fake trading apps are targeting iOS and Android users worldwide, posing a serious threat to your finances! 💰
Discover how cybercriminals are luring victims with promises of easy money, only to steal it all through fraudulent investment platforms. Group-IB experts have uncovered the latest tactics used in this large-scale scam. Protect yourself today!
🔗 Read the full report and stay safe.
#CyberSecurity #PigButchering #ScamAlert #FraudProtection #GroupIB #FinTechScam
Fake trading apps are targeting iOS and Android users worldwide, posing a serious threat to your finances! 💰
Discover how cybercriminals are luring victims with promises of easy money, only to steal it all through fraudulent investment platforms. Group-IB experts have uncovered the latest tactics used in this large-scale scam. Protect yourself today!
🔗 Read the full report and stay safe.
#CyberSecurity #PigButchering #ScamAlert #FraudProtection #GroupIB #FinTechScam
🔥9👍3
We are delighted to have contributed to INTERPOL's "Operation Contender 2.0." which led to the arrest of two individuals by the Nigerian Police Force for their role in a romance scam that resulted in significant financial losses for a victim in Finland.
As an INTERPOL Gateway Partner, Group-IB provided vital intelligence that helped law enforcement pinpoint and apprehend these cybercriminals. Our ongoing support for Operation Contender 2.0 reflects our commitment to combating digital crime and protecting victims worldwide.
Read More
#INTERPOL #OperationContender #Cybercrime #DigitalCrime #Cybersecurity #LawEnforcement #VictimsRights #FightAgainstCybercrime
As an INTERPOL Gateway Partner, Group-IB provided vital intelligence that helped law enforcement pinpoint and apprehend these cybercriminals. Our ongoing support for Operation Contender 2.0 reflects our commitment to combating digital crime and protecting victims worldwide.
Read More
#INTERPOL #OperationContender #Cybercrime #DigitalCrime #Cybersecurity #LawEnforcement #VictimsRights #FightAgainstCybercrime
🔥11👍2