Group-IB is proud to be recognized by the Singapore Police Force for our contributions in combating cyber threats across the Asia-Pacific (APAC) region. This accolade highlights our pivotal role in providing critical investigation data that led to the arrest of DESORDEN in February 2025, responsible for over 90 global data leaks.
The award also recognized the Group-IB Investigation team’s knowledge-sharing efforts by delivering key insights at the ASEAN Cybercrime Conference 2024, reinforcing collective cybersecurity defenses in the region. Read More
#CyberSecurity #GroupIB #APAC #CyberThreats #SingaporePolice #FightAgainstCybercrime
The Cybercriminal with Four Faces: How Group-IB Tracked ALTDOS, DESORDEN, GHOSTR & 0mid16B
For over four years, a cybercriminal hid behind multiple aliases, orchestrating more than 90 data breaches and extorting victims across Asia and beyond. From ALTDOS to DESORDEN, GHOSTR, and finally 0mid16B, he adapted his tactics, evaded detection, and exploited stolen data. Group-IB’s investigators uncovered the patterns linking his identities.
These findings, along with further investigative intelligence from Group-IB, helped the Royal Thai Police and the Singapore Police Force to track, identify, and ultimately arrest the cybercriminal. 🔗Read the full report.
#Cybersecurity #ThreatIntelligence #CyberInvestigation #FightAgainstCybercrime
Group-IB contributed to INTERPOL-led Operation Red Card, a major international effort to dismantle cybercriminal networks across Africa.
Key Outcomes:
✔️306 suspects arrested for banking fraud, mobile malware attacks, investment fraud and other social engineering scams
✔️5,000+ victims targeted by cybercriminals
✔️ 1,842 devices seized, used to defraud individuals & businesses
✔️$305,000 stolen through social engineering scams uncovered in Rwanda
✔️26 vehicles, 16 houses & 39 plots of land seized from fraudsters in Nigeria
This operation demonstrates the impact of cooperation between law enforcement and the private sector in tackling cybercrime. 🔗Read the full story
#CyberSecurity #LawEnforcement #OperationRedCard #FightAgainstCybercrime
Scam-as-a-service (SaaS) is reshaping cyber fraud in Central Asia. Classiscam operations leverage Telegram bots, phishing panels, and automated credential harvesting to scale attacks with minimal effort.
Our latest research reveals:
✔️How Telegram bots automate phishing site creation
✔️Classiscam’s role-based fraud hierarchy (Fake Support, Data Input, Operators)
✔️Targeting patterns against online marketplaces & financial institutions
✔️Key IoCs & proactive defense strategies
🔗 Read the full report here
#Phishing #FraudIntelligence #CyberSecurity #FightAgainstCybercrime
Cyber threats across Latin America (LATAM) show a concerning rise!
Cybercriminals have deceived countless victims—using elaborate scams to impersonate well-established brands and exploit users' trust.
In 2024 alone, Group-IB identified at least 97 fraudulent domains targeting four major brands. The level of sophistication among scammers even surprised our own experts.
Want to see these operations in action? Group-IB experts reveal trade secrets from the dark side in the latest blog
#CyberSecurity #LATAM #CyberThreats #FightAgainstCybercrime
🚨 Hunters International: The Next Evolution of Cyber Extortion?
Emerging in October 2023, Hunters International took over Hive ransomware's legacy, operating across Windows, Linux, FreeBSD, SunOS, and ESXi. But their game is changing—Group-IB’s latest research reveals their planned rebrand as World Leaks, adopting an extortion-only model featuring OSINT-driven coercion, their proprietary "Storage Software," and silent encryption (no ransom notes since v6.0).
Key Findings:
• Transitioning from ransomware to pure data extortion
• Infrastructure overlaps with Lynx/INC Ransom
• Evolving tactics to bypass payment bans and law enforcement
Their stealthy approach and affiliate structure make them a growing threat, particularly for healthcare and real estate sectors. Read the full analysis here
#Cybersecurity #Ransomware #FightAgainstCybercrime
📢 Breaking news: Group-IB Wins Frost & Sullivan’s 2025 Global Technology Innovation Leadership Award
In today’s fast-paced cybersecurity landscape, staying ahead of threats requires continuous innovation and real-world expertise.
Frost & Sullivan has recognized Group-IB for pioneering advancements in custom threat intelligence, holistic cyber fusion approach, and integrated AI-technology — all aimed at helping businesses stay resilient against emerging cyber threats.
Key highlights from the report:
✔ Custom threat intelligence
✔ Unified Risk Platform that includes fraud protection, business email protection, and managed extended detection and response (XDR) solutions
✔ Integration of AI-technologies for better detection, response, and risk mitigation
✔ Decentralized cybersecurity model
Read the full report to see how innovations are shaping the future of cybersecurity
#Cybersecurity #ThreatIntelligence #RiskManagement #AI #FightAgainstCybercrime
As Australia’s digital economy booms, so do fraud losses, surging past $2 billion AUD annually—and traditional defenses are failing.
The (relatively) new disruptor? AI-powered fraud techniques.
From deepfake-driven scams to automated bot attacks, cybercriminals are evolving fast:
🔹 Mobile banking trojans steal facial recognition data for KYC fraud
🔹 Synthetic identities fuel account takeovers & mule account creation
🔹 AI-driven tactics enable seamless money laundering & loan fraud
📖 Read our latest blog to uncover Australia’s full fraud landscape
What is the key to defense? Data-driven fraud detection.
The catch for AI-driven tactics lies in monitoring transaction and behavioral biometrics data to spot deviations from “usual” activity and detect fraud.
#CyberSecurity #FraudPrevention #DeepfakeFraud #AIThreats #FightAgainstCybercrime
We’re proud to partner with Mahidol University to launch the Cybersecurity Center of Excellence, a pioneering initiative to strengthen the nation’s digital resilience.
By integrating Group-IB’s industry-leading technologies, including Managed XDR, Threat Intelligence, and Business Email Protection, into hands-on academic programs, we’re empowering students and professionals with the real-world skills needed to combat today’s and tomorrow’s cyber threats.
This collaboration merges Mahidol’s academic excellence with Group-IB’s global cybersecurity expertise to create a transformative hub for training, research, and workforce development.
Together, we’re empowering our next generation in building a safer digital future. Read More.
#ThreatIntelligence #ManagedXDR #BusinessEmailProtection #FightAgainstCybercrime
Group-IB launches its strategic Partner Program to fortify Europe’s cybersecurity ecosystem.
Designed for MSSPs, resellers, and tech partners, the program delivers cutting-edge solutions including threat intelligence, fraud protection, managed XDR, and more, alongside elite training, dedicated support, and tiered rewards (standard to platinum).
🤝 Partner with Group-IB to combat evolving threats with global intelligence and local expertise. Be part of the mission. Read More
#Cybersecurity #MSSP #FraudProtection #ThreatIntelligence #FightAgainstCybercrime
🚨 SMS Pumping Fraud: How Criminals Exploit SMS Verification for Profit 🚨
Our cyber fraud analysts have uncovered a sophisticated SMS Pumping scheme where fraudsters manipulate SMS verification systems to generate artificial traffic, costing businesses millions. By exploiting OTP requests, fake account sign-ups, and corrupt telecom partnerships, attackers inflate SMS volumes, leaving companies with soaring costs and operational disruptions.
Key Insights from the Blog:
✔️ Fraudsters use bots, telecom providers, and fake identities to trigger massive SMS traffic, often bypassing security measures.
✔️ Twitter lost $60M/year to this fraud before implementing stricter telecom provider controls.
✔️ Attacks can lead to system overloads, reputational damage, and penalties from telecom providers.
Businesses relying on SMS for 2FA or onboarding must act now to prevent exploitation. Read the full analysis here
#SMSPumping #ThreatIntelligence #CyberSecurity #FightAgainstCybercrime
Hyper-evolving threats. Expanding risk portfolios. And the board wants answers.
Today's CISOs are expected to lead through chaos, speak the business language, and prove the value of every decision.
Risk management isn’t just a checkbox — it demands foresight, strategy, and accountability.
Done right, it puts CISOs where they belong: in the boardroom, driving strategic decisions.
To step into every challenge with clarity and control, this blog puts things in perspective for CISOs and their teams.
Get real-world direction, critical communication cues, risk concepts, and decision-making clarity to navigate enterprise risk effectively.
#CISO #RiskManagement #FightAgainstCybercrime
Group-IB analysts shed light on the growing trend of fraudsters impersonating real threat actors to sell fake data leaks across dark web forums.
Many of these scammers never conducted any actual attacks and rely on recycled stealer logs (e.g., Raccoon, RedLine), repurposed public breaches, and hybrid datasets mixing real/fake entries. In one case, a fake VIP Telegram channel run by the group R00TK1T earned $10,000 by charging $500 per subscriber for access to freely available public leaks.
Key Insights:
✔️ Chinese-speaking darknet markets and Telegram channels offer nearly 100% fake data.
✔️ Impersonators mimic names like LockBit, Bjorka, and IntelBroker to deceive researchers and buyers.
✔️ Fraudsters use auto-generated IDs and rebranded aliases to bypass scrutiny.
✔️ Attackers offering "High-quality private data" in private Telegram channels are, in most cases, scammers who present old, reassembled data leaks as the result of their attacks.
👉 Read the full blog here
AI won’t replace your security team… but it will make your team faster, sharper, and happier.
That’s the idea behind Group-IB’s new AI Assistant — now available in beta for all Threat Intelligence customers.
This LLM-powered chatbot is a new way to interact with one of the industry’s largest threat intelligence datasets — with instant answers, deep context, and zero privacy compromises.
🔗 See it in action and learn how it works in our latest blog post.
#CyberSecurity #ThreatIntelligence #AIAssistant #FightAgainstCybercrime
🚨Sophisticated Toll Phishing Campaign Uncovered 🚨
Recently, our analysts uncovered an ongoing phishing campaign targeting toll road service users, where scammers impersonate legitimate providers via SMS to lure victims to fraudulent websites. These sites use third-party tools: FingerprintJS to fingerprint and filter visitors, blocking unwanted traffic such as researchers or automated scanners, and Cleave.js for real-time input validation to ensure that the harvested payment data is in the correct format.
Key Highlights:
✅ Google AMP Abuse: Malicious links masked via trusted platforms to evade detection.
✅ Localized Lures: Messages tailored in French to target Canadian victims.
✅ Fingerprint Blocking: Filters out researchers/VPNs, ensuring only victims access phishing pages.
✅ Automated Data Theft: Heartbeat intervals exfiltrate input data every 3 seconds.
🔗 Read the full analysis here
#CyberSecurity #DataProtection #Phishing #FightAgainstCybercrime
🔍 New Research Alert: RansomHub’s Ransomware-as-a-Service (RaaS) Overview
Group-IB has conducted an analysis of #RansomHub, a rapidly emerging Ransomware-as-a-Service group that has attracted former LockBit and ALPHV affiliates through low fees (10%) and multi-platform ransomware targeting Windows, Linux, FreeBSD, and ESXi environments.
Key findings:
✅ Cross-platform encryption (x86, x64, ARM) via SMB/SFTP
✅ Evasion tactics like Safe Mode execution and process termination
✅ Extortion playbook scaling ransoms with victim revenue
✅ Regulatory pressure tactics (GDPR/PIPL threats) to force payments
The group’s sudden outage in April 2025 raises questions—did affiliates migrate to Qilin? Dive into the full analysis to understand the shifting RaaS landscape and how defenders can prepare.
#CyberSecurity #ThreatIntelligence #Ransomware #FightAgainstCybercrime
Got new-age cybersecurity tools, defined capabilities, and resources allocated to each?
But how does it all come together into one combined defense?
The answer is in your stack integration. Without it, you're left with fragmented data, alert fatigue, blind spots, and delayed response—all in the name of “building capabilities.”
In Edition 1 of our new series, Pavel Shepetina, Group-IB’s Head of Global Pre-Sales & Engineering Department, Cybersecurity Unit, explores what happens when businesses lack a clear integration strategy and objectives—addressing the critical challenge of misconfigurations and:
✅ Potential integration issues with real-world scenarios, examples, and consequences
✅ How misconfigurations tamper with security workflows
✅ Key considerations when moving toward an integrated approach
✅ How to avoid misconfigurations from changes in infrastructure
✅ How to apply practical integration lessons to your own infrastructure
👉 Read the blog here
#Cybersecurity #FightAgainstCybercrime
Pluggable Authentication Modules (PAM) are at the heart of Linux and Solaris authentication—but what happens when that core component is compromised?
In our latest Group‑IB blog post, we examine a sophisticated attack vector in which threat actors modify the pam_unix.so module to harvest plaintext credentials and evade detection. Key takeaways include:
✅ Real‑World Case Studies: How UNC1945 and UNC2891 leveraged PAM backdoors on Solaris and Linux systems
✅ Detection Strategies: Best practices for module integrity audits, file integrity monitoring and SIEM alerting
✅ Mitigation Playbook: Step‑by‑step guidance on disabling password authentication, enforcing key‑only SSH, and securing private keys
Whether you’re responsible for infrastructure security or compliance, this analysis provides actionable insights to strengthen your authentication layer and reduce risk.
🔗 Read the full report here
#CyberSecurity #PAM #ThreatIntel #FightAgainstCybercrime
Today, we unveil the Top 10 Masked Actors of 2025 — the most active and dangerous cybercriminal groups reshaping the global threat landscape.
Based on insights from over 1,550 high-tech crime investigations, this ranking draws from our flagship High-Tech Crime Trends 2025 report. From RansomHub and Lazarus to GoldFactory’s deepfake-enabled banking fraud, these threat actors are more sophisticated—and more aggressive—than ever.
We’re launching the Masked Actors podcast, hosted by cybersecurity experts Gary Ruddell and Nick Palmer. Episode one kicks off with an inside look at GoldFactory, creators of the first iOS trojan for deepfake fraud.
🔗 Read More here
🎧 Listen to the Masked Actors podcast, Episode 1: on Spotify, Apple Podcasts, or wherever you listen to your podcasts
Explore the full list here
Deep dive into GoldFactory
#MaskedActors #DeepfakeFraud #Ransomware #PodcastLaunch
Cybercriminals are exploiting Colombia’s mandatory vehicle insurance (SOAT) to run sophisticated scams — using fake websites, public data, and targeted social media ads to mislead victims.
📉 Since early 2024, Group-IB analysts have tracked 100+ fake domains posing as trusted insurers.
🤖 These scams combine social engineering with cross-channel fraud tactics to create a false sense of trust — a trend our LATAM team, led by Vlada Govorova, is closely monitoring.
🔍 Read the full breakdown in our latest blog
Uncover how digital trust is manipulated — and what can be done to stop it.
#ScamAlert #SOATFraud #DigitalTrust #FraudPrevention #FightAgainstCybercrime
Lazarus: Is your best IT worker really a North Korean cybercriminal?
In December 2014, Sony Pictures announced they were cancelling the release of Seth Rogen’s newest venture, The Interview, due to a large-scale cyberattack. And in February of this year, global cryptocurrency exchange Bybit suffered a massive attack resulting in the theft of $1.5 billion.
Join hosts Gary Ruddell and Nick Palmer as they speak with Geoff White, one of the world’s leading journalists covering organized crime and tech.
In this episode, they delve into the group’s latest modus operandi—infiltration campaigns, whereby North Korean hackers pose as remote IT employees to funnel information through the backdoor and leave logic bombs in code that they can trigger years or months down the line. They look at how this shifts the responsibility model for cybersecurity, requiring vigilance from across the organization for unusual behavior.
Subscribe and listen now on Spotify and Apple Podcasts.