When cybersecurity researchers work together, they make the world safer 🤝 Group-IB and Bridewell are proud to share a joint blog post about previously unknown infrastructure belonging to APT SideWinder.
While investigating the threat actors, Group-IB’s and Bridewell’s threat intelligence specialists identified and attributed a large part of the group’s infrastructure, namely 55 domains and IP addresses. The identified phishing domains mimic various organizations in the news, government, telecommunications, and financial sectors.
Curious to know more? Read our fresh blog post👈
#APT #SideWinder
🔍Group-IB has recorded a 25% increase in the use of phishing kits in 2022.
The key trends, based on the analysis of more than 6,000 phishing kits extracted in 2021 and 2022, are the increasing use of access control and advanced detection evasion techniques. Here is what else Group-IB's Computer Emergency Response Team (CERT-GIB) found:
📌 In total, just under half of the phishing kits from 2022 seen by CERT-GIB relied on email to handle stolen information.
📌 The number of phishing kits that use Telegram to collect stolen data almost doubled in 2022 compared to the preceding year.
📌 In 2022, 1,824 phishing kits used simple access control mechanisms. Hypertext access (.htaccess) became the most popular access control strategy.
📌 2,060 phishing kits used advanced detection evasion techniques - 26% more than a year earlier.
More details👈
Want to learn how Group-IB protects companies from phishing and scams? Visit our website👈
#phishing #CERT
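As an added example (not Group-IB's or CERT-GIB's own tooling), the following Python triages an unpacked phishing kit and tags the three behaviours the statistics above count: the exfiltration channel (email or Telegram), .htaccess-based access control, and user-agent-based detection evasion. It also tallies those tags across several kits, which is the kind of aggregate the post reports. The kit contents and the indicator patterns are constructed assumptions for the demo, not a vetted signature set.

```python
"""Triage unpacked phishing kits for exfiltration channel, access control
and detection-evasion indicators, then tally them across a corpus.

Added example; not Group-IB/CERT-GIB code. Kit contents and regexes below
are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class KitReport:
    exfil: List[str] = field(default_factory=list)     # "email", "telegram"
    access_control: bool = False                       # .htaccess gatekeeping present
    evasion: List[str] = field(default_factory=list)   # evasion techniques seen


# Indicator patterns (assumed, illustrative; tune against real samples).
EMAIL_EXFIL = re.compile(r"\bmail\s*\(")                         # PHP mail() call
TELEGRAM_EXFIL = re.compile(r"api\.telegram\.org/bot", re.I)     # Telegram Bot API endpoint
HTACCESS_ACL = re.compile(r"^\s*(Deny from|Allow from|Require|Order)\b", re.I | re.M)
HTACCESS_UA_BLOCK = re.compile(r"RewriteCond\s+%\{HTTP_USER_AGENT\}", re.I)
PHP_UA_CHECK = re.compile(r"HTTP_USER_AGENT", re.I)              # server-side UA filtering


def triage_kit(files: Dict[str, str]) -> KitReport:
    """Classify one kit given a mapping of relative path -> file text."""
    rep = KitReport()
    for path, text in files.items():
        name = path.rsplit("/", 1)[-1].lower()
        if name == ".htaccess":
            if HTACCESS_ACL.search(text):
                rep.access_control = True
            if HTACCESS_UA_BLOCK.search(text):
                rep.evasion.append("htaccess-user-agent-block")
        elif name.endswith(".php"):
            if EMAIL_EXFIL.search(text) and "email" not in rep.exfil:
                rep.exfil.append("email")
            if TELEGRAM_EXFIL.search(text) and "telegram" not in rep.exfil:
                rep.exfil.append("telegram")
            if PHP_UA_CHECK.search(text) and "php-user-agent-filter" not in rep.evasion:
                rep.evasion.append("php-user-agent-filter")
    return rep


def tally(kits: Dict[str, Dict[str, str]]) -> Dict[str, int]:
    """Count how many kits show each behaviour (one count per kit, not per file)."""
    counts = {"total": 0, "email": 0, "telegram": 0, "access_control": 0, "evasion": 0}
    for files in kits.values():
        rep = triage_kit(files)
        counts["total"] += 1
        counts["email"] += "email" in rep.exfil
        counts["telegram"] += "telegram" in rep.exfil
        counts["access_control"] += rep.access_control
        counts["evasion"] += bool(rep.evasion)
    return counts


# Constructed stand-ins for two unpacked kits: path -> file text.
SAMPLE_KIT_A: Dict[str, str] = {
    ".htaccess": (
        "Order Deny,Allow\n"
        "Deny from 66.249.\n"                              # constructed crawler range block
        "RewriteEngine On\n"
        "RewriteCond %{HTTP_USER_AGENT} googlebot [NC]\n"
        "RewriteRule .* - [F]\n"
    ),
    "login.php": "<?php $u = $_POST['user']; include 'send.php'; ?>",
    "send.php": (
        "<?php\n"
        "$url = 'https://api.telegram.org/bot' . $token . '/sendMessage';\n"
        "@mail($to, 'Result', $body);\n"
    ),
    "antibot.php": "<?php if (stripos($_SERVER['HTTP_USER_AGENT'], 'bot') !== false) die(); ?>",
}
SAMPLE_KIT_B: Dict[str, str] = {
    "index.php": "<?php echo 'login form'; ?>",
    "post.php": "<?php @mail($to, 'log', $data); ?>",     # email-only collection, no gating
}

if __name__ == "__main__":
    print(triage_kit(SAMPLE_KIT_A))
    print(tally({"kit_a": SAMPLE_KIT_A, "kit_b": SAMPLE_KIT_B}))
```

The per-kit report records which files triggered which class so an analyst can verify each hit by hand; the tally deliberately counts a behaviour once per kit, since a single kit often contains several scripts that all reference the same collection endpoint.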
Application programming interface (API) usage has exploded in recent years. Despite their increasing popularity, APIs are particularly vulnerable if they are not properly implemented or secured.
Check out our fresh blog post, in which we provide a concise overview of API security, including key domains and nuances from the perspectives of API developers and end users. It outlines the importance of secure coding practices, authentication, authorization and other key domains, and provides recommendations for securing your environment. Read👈
#API #cybersecurity
APT Dark Pink is back with 5 new victims. The group has continued to attack government, military, and non-profit organizations in the Asia-Pacific, expanding its operations to Thailand and Brunei. Another victim, an educational sector organization, has also been identified in Belgium. In line with Group-IB's zero-tolerance policy towards cybercrime, we sent proactive warnings to all confirmed and potential victims.
It is important to emphasize that Dark Pink has carried out at least two attacks since the beginning of 2023. The most recent attack known to Group-IB started in April, with the latest files being detected in May. Dark Pink keeps updating its tools. For example, the group's custom KamiKakaBot module, designed to read and execute commands from the threat actors via Telegram, is now divided into two distinct parts — one that controls the device and the other that steals sensitive data.
In a fresh blog post the Group-IB team analyzes the latest updates to Dark Pink's toolset, the evolution of the group's exfiltration methods, and the modifications to their kill chain. The blog dives deep into the latest TTPs of Dark Pink observed during the group's most recent attacks. Read now👈
#APT #DarkPink
✉️ PostalFurious has extended its operations to the Middle East.
Group-IB has attributed a recent wave of scams impersonating public bodies in the Middle East region to a Chinese-speaking phishing gang, codenamed PostalFurious. The threat actor, documented for the first time by Group-IB in April 2023, has been targeting users in the Asia-Pacific by impersonating postal brands and toll operators. Now, Group-IB can confirm that the group has extended its operations to the Middle East.
The scammers' goal is to compromise users' payment data, and they do this by impersonating a Middle Eastern postal service and toll operator. For example, in the fake toll payment scheme, victims receive fake messages asking them to urgently pay a vehicle trip fee to avoid additional fines. The text messages contain a shortened URL to obscure the true phishing address. Once a user clicks on the link, they are redirected to a fake branded payment page.
Want to learn more about the PostalFurious schemes and get recommendations on how to avoid falling victim? Head over to our website👈
#phishing #PostalFurious
🤝 Group-IB is pleased to announce that it has concluded a partnership agreement with the Italian division of Ingram Micro, the world’s leading wholesale distributor of technology products and services.
This agreement further strengthens the long-standing relationship between Group-IB and Ingram Micro’s cybersecurity business unit. Prior to this new partnership covering Italy, Ingram Micro already served as an official Group-IB distributor in Poland, France, India, Indonesia, and several other major markets.
As partners, Ingram Micro will be able to offer its wide network of resellers in Italy access to the full Group-IB stack, including Threat Intelligence, Managed XDR, and Attack Surface Management, while also enhancing the local capabilities of these cybersecurity solutions for the Italian market. More details👈
#cybersecurity #partnership
🤝 Group-IB has joined forces with the Defence Technology Institute (DTI) to enhance cyber defence in Thailand. In an MOU signing ceremony held on 26 May 2023 at the Office of the Permanent Secretary for Defence in Bangkok, both parties affirmed their commitment to strengthen defence cooperation through research and educational initiatives in the field of cyber investigations and incident response.
Together with the DTI Cyber Academy Program, Group-IB’s cyber education unit will develop a variety of training programs, where DTI personnel will be able to uplift their skills using Group-IB’s battle-tested technologies for fighting against cybercrime in line with Group-IB’s mission.
More details👈
#partnership #cybersecurity
Since 2003, Group-IB has responded to more than 1,300 incidents of all levels of complexity, racking up more than 70,000 hours of hands-on IR experience. Group-IB's DFIR team of highly qualified specialists conducts more than 200 engagements annually, and the company's experts have assisted organizations in multiple key verticals, including banking, manufacturing, energy, and government, in responding to ransomware attacks, APT breaches, and many other threats.
This is the third time in a row that Group-IB has been recognized by Gartner in its Market Guide for Digital Forensics and Incident Response Services. Way to go!
More details👈
#Gartner #FightAgainstCybercrime
Back in December 2022, Group-IB investigators documented the scope and scale of the well-organized illicit business of CryptosLabs. For years, the scam syndicate targeted French-speaking individuals in France, Belgium, and Luxembourg by mimicking well-known banks, fintechs, asset management firms, and crypto platforms.
In a new blog post, Group-IB's investigators reveal previously unknown details about the CryptosLabs scam ring, such as the early stages of the syndicate, the scammers' side of the scheme, and a detailed analysis of their major weapon, and demonstrate how to mitigate the impact caused by the scheme. Read👈
#CryptosLabs #investment #scam
More and more employees are using ChatGPT to optimize their work. By default, ChatGPT stores the history of user queries and AI responses. Consequently, unauthorized access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees.
According to Group-IB’s latest findings, ChatGPT accounts have already gained significant popularity within underground communities. We have identified 101,134 stealer-infected devices with saved ChatGPT credentials between June 2022 and May 2023. The Asia-Pacific region has experienced the highest concentration of ChatGPT credentials being offered for sale over the past year.
Curious to learn more? Head over to our website👈
#ChatGPT #cyberthreats