Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
👏We continue to share the great news! Group-IB has joined the Asia Pacific Computer Emergency Response Team (APCERT), the largest consortium of Computer Emergency Response Teams in the Asia-Pacific region.

Group-IB’s Computer Emergency Response Team (CERT-GIB) became the first Corporate Partner and only the second organization from Singapore, after SingCERT, to be accepted into the APCERT community. That's huge! By joining APCERT, Group-IB will be better equipped to identify and respond to cybersecurity threats and mitigate their impact on its customers and business operations.

Check out our website for more details👈

#FightAgainstCybercrime #partnership
🏆 Group-IB is proud to announce that its Fraud Protection platform has been recognized as the most complete anti-fraud solution on the market by Frost & Sullivan!

Out of nine vendors and products surveyed by Frost & Sullivan in its Global Fraud Detection & Prevention (FDP) Market Study, Group-IB’s Fraud Protection differentiated itself from other offerings by being the only anti-fraud solution to contain all seven key functionalities listed by Frost & Sullivan, including bot detection, behavioral biometrics, explainable AI, and API security.

Learn more about the solution👈

#FraudProtection
🌐 If your Instagram account isn't secured with two-factor authentication, you'd better activate it now.

Group-IB uncovered a new scam campaign targeting both Instagram and banking users in Indonesia, which aims to gain access to their bank accounts. Our team identified more than 600 hijacked Instagram accounts used to spread phishing links to fake websites disguised as login pages of mobile banking applications for one of Indonesia’s leading financial institutions.

Want to learn how the scheme works and how to avoid falling victim to it? Visit our website to read the full story👈

#DigitalRiskProtection #scam #phishing
🔍 In January 2023, Group-IB’s Digital Forensics and Incident Response team investigated an attack against an industrial sector company in Europe. Our experts established that the victim had been encrypted with a previously unknown ransomware strain. The strain was codenamed BabLock, because its versions for Linux and ESXi share similarities with the leaked Babuk ransomware. Despite these slight similarities, the group has a very distinct modus operandi and custom sophisticated ransomware for Windows. Additionally, the BabLock gang (also tracked under the name “Rorschach”), unlike most of its “industry peers”, is not using a dedicated leak site and is communicating with its victims via email. Group-IB researchers immediately notified the company’s customers of its discovery.

Check out our new blog post to get a comprehensive description of the BabLock attack: their toolset, the strain’s samples for Windows, ESXi, and Linux as well as TTPs used by the BabLock gang mapped to MITRE ATT&CK®. Read👈

#ransomware #BabLock
Group-IB’s Threat Intelligence team identified new infrastructure used by APT MuddyWater. We also uncovered that this group uses SimpleHelp, a legitimate remote device control and management tool, to ensure persistence on victim devices.

According to our data, MuddyWater used SimpleHelp for the first time on June 30, 2022. At the time of writing, the group has at least eight servers on which they have SimpleHelp installed.

Our new blog post describes MuddyWater’s previously unknown infrastructure and points to links with some of the group’s publicly known IP addresses. Read now👈

#APT #MuddyWater
Group-IB will no longer be present in the Russian market. This comes after Dmitry Volkov, co-founder and CEO, sold his stake in Group-IB’s Russia-based business to the company’s local management. Group-IB’s branding and trademarks will not be permitted in Russia.

This process marks the completion of the second stage of the regional business diversification announced by Group-IB in July 2022, and encompasses changes to the ownership structure, separation of Group-IB’s business and technical units, and the final withdrawal of the Group-IB brand from the Russian market.

More details👈
🎣 Phishing attacks are becoming ever more sophisticated and their scale is increasing exponentially.

There are a few approaches to investigate a phishing campaign efficiently. In our new blog post, we present a practical guide based on the investigation into a Chinese-speaking phishing campaign that was observed in July 2022. The campaign was carried out by a phishing gang named PostalFurious by Group-IB. PostalFurious targeted users in APAC, specifically in Singapore, Australia, and some other countries by impersonating postal and, to a lesser extent, toll operators.

Read more👈

#phishing #PostalFurious
🎭 What happens when the people who are meant to stop scams spreading on social media are being impersonated by the scammers themselves?

Group-IB Digital Risk Protection experts have discovered a new and still ongoing global phishing campaign launched on Facebook by cybercriminals who impersonate the technical support staff of Meta, Facebook’s parent company. Group-IB researchers identified more than 3,200 Facebook profiles publishing posts purportedly written by Meta technical support staff in a total of 23 languages. The scammers’ ultimate aim is to gain access to the Facebook accounts of public figures, celebrities, businesses, sports teams, as well as individual profiles, to steal sensitive information, and potentially use the same compromised credentials to gain access to other accounts held by the individual. Group-IB’s Computer Emergency Response Team (CERT-GIB) informed Facebook of its findings, in line with the company's responsible disclosure protocol.

Check out our newest blog post to learn more about this phishing campaign as well as to get recommendations on how not to fall victim. Read👈
Malware detonation is Group-IB's core technology used for automated malware analysis and natively embedded in Managed XDR and Business Email Protection. To keep up with the evolving threat landscape, Group-IB constantly updates and evolves its Malware Detonation Platform.

One of the new features added to the Malware Detonation Platform allows analysts to access all artifacts related to malware detonation, including files from the file structure, files created during malware detonation, registry keys, mutexes, network indicators, as well as memory fragments. End-to-end search and related processes mapping options are available. This data can be exported via API and used in external systems for threat hunting and automated response processes.

A picture is worth a thousand words, so let's look at the gif above. A sample of Loki PWS malware was successfully detonated, and the system automatically extracted a number of artifacts, including the malware’s configuration and its predefined commands, along with a C&C servers list.

Want to learn more about the new features in Group-IB's Malware Detonation Platform? Check out our new blog👈

#MXDR #BEP
In March 2023, Group-IB’s Threat Intelligence team infiltrated the Qilin ransomware group and now can reveal inside information about this RaaS program.

Qilin is a Ransomware-as-a-Service affiliate program that now uses a Rust-based ransomware to target its victims. Many Qilin ransomware attacks are customized for each victim to maximize their impact. Qilin’s targets are primarily critical sector companies.

Group-IB’s Threat Intelligence team was able to get information about Qilin’s payment structure as a result of entering a private conversation with one of the users (Haise) on Tox (an open-source messaging app that offers end-to-end encryption), who was identified on the underground forum RAMP. According to the information provided by the owner of the Qilin RaaS program, for payments totaling $3M or less, affiliates earned 80% of the payment; for payments of more than $3M, they earned 85% of the payment.

Read our new blog post to get a detailed breakdown of the group, as well as recommendations on how to prevent Qilin’s attacks👈

#ransomware #Qilin
When cybersecurity researchers work together, they make the world safer🤝 Group-IB and Bridewell are proud to share the joint blog post about previously unknown infrastructure belonging to APT SideWinder.

While investigating the threat actors, Group-IB’s and Bridewell’s threat intelligence specialists identified and attributed a large part of the group’s infrastructure, namely 55 domains and IP addresses. The identified phishing domains mimic various organizations in the news, government, telecommunications, and financial sectors.

Curious to know more? Read our fresh blog post👈

#APT #SideWinder