Cybercriminals are exploiting Colombia’s mandatory vehicle insurance (SOAT) to run sophisticated scams — using fake websites, public data, and targeted social media ads to mislead victims.
📉 Since early 2024, Group-IB analysts have tracked 100+ fake domains posing as trusted insurers.
🤖 These scams combine social engineering with cross-channel fraud tactics to create a false sense of trust — a trend our LATAM team, led by Vlada Govorova, is closely monitoring.
🔍 Read the full breakdown in our latest blog
Uncover how digital trust is manipulated — and what can be done to stop it.
#ScamAlert #SOATFraud #DigitalTrust #FraudPrevention #FightAgainstCybercrime
Lazarus: Is your best IT worker really a North Korean cybercriminal?
In December 2014, Sony Pictures announced they were cancelling the release of Seth Rogen’s newest venture, The Interview, due to a large-scale cyberattack. And in February of this year, global cryptocurrency exchange Bybit suffered a massive attack resulting in the theft of $1.5 billion.
Join hosts Gary Ruddell and Nick Palmer as they speak with Geoff White, one of the world’s leading journalists covering organized crime and tech.
In this episode, they delve into the group’s latest modus operandi—infiltration campaigns, whereby North Korean hackers pose as remote IT employees to funnel information through the backdoor and leave logic bombs in code that they can trigger years or months down the line. They look at how this shifts the responsibility model for cybersecurity, requiring vigilance from across the organization for unusual behavior.
Subscribe and listen now on Spotify and Apple Podcasts.
🚨 Group-IB supported INTERPOL’s Operation Secure — dismantling infostealer malware infrastructure across Asia.
From Jan–Apr 2025, our Threat Intelligence and High-Tech Crime Investigation teams provided critical information about the command and control infrastructure of the infostealers to INTERPOL, and law enforcement agencies in Vietnam, Sri Lanka, Nauru, and Hong Kong that led to:
✔️ The arrest of 32 suspects and takedown of over 20,000 malicious IPs and domains
✔️ Seizure of 41 servers containing 100GB+ of data linked to cybercriminal activity
✔️ Analysis of 1,700+ intelligence items by the Hong Kong Police Force, identifying 117 C2 servers across 89 ISPs used for phishing, fraud, and scams
✔️ Vietnamese police arresting 18 suspects (including the ringleader) and seizing VND$300 million, SIM cards, and corporate registration documents tied to a corporate account fraud scheme
Infostealers like Lumma, Risepro, and META Stealer are key enablers of ransomware and financial fraud. 🔗 Read more
PSR IT Solutions launched Pulsar SoftPOS to give merchants a new, flexible way to accept payments. But proving that the platform is secure required undergoing rigorous certification and attack simulation.
With Group-IB’s vulnerability assessment and penetration testing, PSR achieved PCI MPoC certification and strengthened trust among acquiring partners.
Read how security became the company’s market differentiator.
#Fintech #PaymentSecurity #PCICompliance #FightAgainstCybercrime
🚨Fear is the new phishing hook — and crypto holders are the prime target.
Group-IB’s latest investigation uncovers a phishing campaign impersonating European tax bodies (primarily Dutch), exploiting public confusion around 2025 crypto tax rules to drain crypto wallets.
Key highlights:
✅ Fake emails demand urgent crypto declarations under threat of fines
✅ Phishing sites mimic official government portals with flawless branding
✅ Two attack vectors: seed phrase theft or malicious smart contract approvals via WalletConnect
✅ Even smart contract wallets like Safe and Argent are at risk
✅ Campaign linked to Inferno Drainer’s Drainer-as-a-Service infrastructure
✅ Telegram bots and admin panels used for real-time exfiltration
✅ JavaScript prevents inspection and blocks analysis
🎯 Real scams. Real tactics. Real consequences.
🔗 Dive into the full technical breakdown and get the IOCs.
#CryptoScam #Cybersecurity #Phishing #ThreatIntelligence #FightAgainstCybercrime
Group-IB is proud to have contributed critical threat intelligence to INTERPOL’s Africa Cybercrime Threat Assessment Report 2025.
Key Insights:
✅ South Africa was the most frequently targeted country by ransomware operators in 2024.
✅ A spike in ransomware (LockBit most active), phishing, and stealer malware activity across Africa
✅ The education sector and internet service providers were the most frequently impacted by these leaks across the region.
✅ South Africa, Egypt, and Morocco among the most targeted countries
Broader impact:
🔹 Group-IB shared insights on phishing infrastructure, stealer malware, and DDoS attack vectors to support INTERPOL’s African Joint Operation against Cybercrime
🔹 The report estimates $3B+ in cybercrime losses across Africa since 2019 — highlighting the urgent need for public-private cooperation
This collaboration strengthens regional cyber resilience and underscores the power of public-private partnerships in the fight against cybercrime. 🔗 Read more here.
🚨 Cyber conflict in the Middle East is escalating and going far beyond DDoS and defacements.
Between June 13–20, 2025, Group-IB’s threat intel reveals a surge in hacktivism, GPS spoofing, infrastructure breaches, and disinformation—with real-world impact on maritime, aviation, and civilian safety.
Key insights:
✅ Hacktivist activity surged 46% on June 13, with over 250 attacks claimed in 7 days.
✅ GPS spoofing disrupted 1,155 vessels on June 16 and aviation navigation—with IATA reporting a 220% rise in GPS failures since 2021.
✅ Iranian-nexus threat actors weaponized emergency alerts, sending fake SMS warnings to lure civilians from shelters.
✅ Israeli IP cameras exploited for real-time strike assessment.
✅ Predatory Sparrow burned ~$90M in crypto, leaked Nobitex source code
From cyber-enabled psychological operations to geopolitical sabotage — this blog breaks down the tactics, timeline, and defenses you need to know. Read the full blog here.
#Hacktivism #GroupIB #FightAgainstCybercrime
Group-IB is proud to partner with the National CERT of the Republic of Serbia to enhance national cybersecurity capabilities. The partnership delivers Group-IB’s advanced Threat Intelligence solution to enhance the CERT’s threat detection precision and accelerate incident response workflows at a national level.
Key outcomes include:
1️⃣ Measurable improvements in threat verification and response times
2️⃣ Enhanced public and institutional cybersecurity awareness
3️⃣ Strengthened global collaboration through mutual memberships in FIRST and Trusted Introducer networks
This partnership underscores the critical role of public-private collaboration in building national digital resilience against evolving cyber threats. Learn More.
#CyberSecurity #ThreatIntelligence #CERT #GroupIB #FightAgainstCybercrime
Is it Classiscam, a fake CEO, or maybe a deepfake?
Scams wear different faces, and even global scam gangs tailor their attacks to local languages, habits, and culture. At the same time, some threats are universal enough to keep everyone on edge.
Want a fast track to catch up on what’s happening in the scam landscape — globally and in your region?
Visualize your scam landscape with key schemes, figures, and trends that matter. Check out the datasheet.
#CyberSecurity #OnlineScams #ScamAlert #DigitalSafety #FraudDetection #FightAgainstCybercrime
🚨 Qwizzserial: the new face of Android SMS stealers, primarily in Uzbekistan!
A previously unknown malware family is making waves across Uzbekistan, blending social engineering with technical stealth to bypass defenses and hijack finances.
Key Highlights:
🔹 Over 100,000 Android infections in just 3 months
🔹 Telegram bots used to auto-generate malware disguised as government aid apps
🔹 $62,000+ stolen by a single group using fake “financial support” schemes
🔹 Advanced evasion techniques: USSD SIM hijacking, infinite preloaders, obfuscation with NP Manager and Allatori
This is not just another stealer — it’s the evolution of the Classiscam model.
Read the full breakdown, infrastructure, attribution, and mitigation tips in our technical blog.
#AndroidMalware #ThreatIntel #Classiscam #Qwizzserial #SMSStealer #FightAgainstCybercrime
Got threat feeds, alerts, activity logs, and IOCs — but without context, relevance, and actionability? That’s not threat intelligence. That’s just raw data.
Real CTI isn’t passive — it’s a function you build to:
✅ Anticipate what’s coming
✅ Mobilize the right people, tools, and workflows.
✅ Evolve constantly — to anticipate adversaries before they act.
Introducing Group-IB’s latest resource: “Intelligence. Action. Defense: Your All-Hands E-Book for Operationalizing CTI.”
What it isn’t? A theoretical monologue built on abstractions.
It’s a practical, field-tested playbook designed to help you build and manage a complete CTI function — packed with plug-and-play reporting templates, real-world workflows, threat heatmaps, team structuring blueprints, and intelligence data flow mind maps, so you can get started right now.
#ThreatIntelligence #CyberSecurity #CTI #CyberThreats #InfoSec #IncidentResponse #ThreatHunting #FightAgainstCybercrime
Drowning in alerts? You're not alone.
Most SOC teams spend hours chasing false positives, repeating the same steps in investigations, and losing critical context across tools.
Smart Alert prevents all that.
The new feature in Group-IB Managed XDR uses AI to consolidate thousands of signals into a single, evolving alert — enriched with real-time context, evidence, and analyst notes.
✅ 80% fewer alerts
✅ 50% faster investigations
✅ A single alert that tells the whole story
Read how Smart Alert changes your view of alert triage.
#CyberSecurity #SOC #IncidentResponse #SmartAlert #ThreatDetection #ManagedXDR #AI #CyberThreats #FightAgainstCybercrime
Group-IB’s Threat Intelligence team has uncovered a surge in sophisticated attacks exploiting #WindowsKernel loaders and weaponizing signed drivers. Here’s why it matters:
🔻 Key Findings
✅ 620+ malicious drivers linked to campaigns since 2020
✅ 80+ certificates and 60+ WHCP accounts abused by threat actors
✅ 32% of drivers act as loaders, enabling stealthy second-stage payloads
✅ Overlaps in certificates and WHCP accounts used to sign drivers for unrelated threat actors
✅ Underground certificate provider markets slash attacker signing costs
Learn how to detect anomalies, mitigate risks, and disrupt this shadow economy. 📈 Read the full report.
#CyberSecurity #ThreatIntelligence #WindowsSecurity #MaliciousDrivers #FightAgainstCybercrime
A high-value transaction request? Seems routine — even when it’s not.
What if it’s triggered from a fraudster’s desktop emulator using stolen credentials, a SIM-swap, or a deepfake scam?
Just like that, your OTPs and MFA validate the attacker. Funds lost. Trust broken.
Introducing BioConfirm by Group-IB: Real-time, device-bound biometric authentication only visible and usable by the true account holder.
Today’s fraudsters use automation, deepfakes, and Fraud-as-a-Service kits. Traditional security can’t keep up — but BioConfirm can:
✅ One-tap Face/Fingerprint user consent on their trusted device
✅ Cryptographic tokens that no fraudster can see, spoof, or intercept
✅ Highest-level security for real users, with zero extra effort
✅ Blocks emulators, phishing, and SIM-swaps
✅ Malware-resistant protection for mobile banking apps
✅ Easily integrates with your risk engine + PSD2 / RBI compliance
Learn how BioConfirm reduces risk and builds trust for high-risk transactions.
#FraudPrevention #BiometricSecurity
🚨Not all data leaks are what they seem.
Group-IB’s latest blog peels back the layers on combolists and ULP files, credential dumps flooding the dark web and Telegram that are often mislabeled as fresh infostealer logs. But behind the buzzwords and file names like “PRIVATE_LEAK_2025” lies a cycle of recycled, fake, or autogenerated data that misleads defenders and fuels alert fatigue.
Threat actors like AlienTXT have built reputations on this deception—repackaging old data as new and selling it under the guise of exclusivity.
Learn how to tell real stealer logs from marketing noise, and why defenders must focus on the original source of compromise, not just what’s trending in threat actor channels. Read the full analysis.
#CyberSecurity #ThreatIntelligence #Infostealer #ULP #DarkWeb #DataLeaks #GroupIB
Cybersecurity doesn’t break at the point of attack — it breaks at the planning table.
If your roadmap isn’t tied to real-world business context — it’s already irrelevant.
Gartner®’s latest Cybersecurity Strategy Planning Report breaks it down:
● Cybersecurity is now considered a board-level business risk
● Cyber strategy must be tied to business, tech, and environmental context to intercept and mitigate real risks.
● Most cyber plans fail because they’re rigid, one-size-fits-all, lacking modularity.
● Lack of executive oversight and cyber literacy brings inconsistencies that weaken resilience.
Build cybersecurity that defends. Access the complete report exclusively through Group-IB.
#RiskMitigation #CTI #Cybersecurity #FightAgainstCybercrime
🌍 Our Inaugural Sustainability Report is here!
Cybersecurity is now a sustainability imperative, with Group-IB pioneering solutions that protect both digital ecosystems and our planet's future through ethical innovation and ESG leadership.
Key Insights:
🔹 10,000 tCO₂e prevented – equivalent to 48,000 trees grown for 10 years
🔹 65M potential victims shielded from cybercrime
🔹 $2.7B in fraud losses blocked globally
🔹 100% renewable energy powering our Netherlands office
🔹 Zero data breaches, corruption, or compliance incidents
🔹 1,291 next-gen cyber defenders trained through partnerships
Find all these achievements, plus our commitment to gender equity, law enforcement capacity building, and governance excellence, in the full report. Download it now and read the press release.
#SustainabilityReport #Cybersecurity #ESG #GreenTech #RenewableEnergy #SustainableFuture #DigitalEcosystems #FightAgainstCybercrime
Fake receipt generators are powering a new wave of industrialized fraud.
Scammers use services like #MaisonReceipts to create localized receipts for 21+ brands—arming resellers of counterfeits with “proof” that deceives platforms, consumers, and retailers.
Our investigation with Sorint.SEC exposes:
🔹 30,000+ Discord members leveraged for real-time scam "support"
🔹 21+ global brands impersonated via polished counterfeit receipts
🔹 Fraud-as-a-service subscriptions (€16.99/month) funding TikTok/Telegram promotions
🔹 New platforms like Receiptified emerging to scale the threat
The ecosystem is professionalizing. The receipts? Nearly flawless.
👉 Discover how fraudsters exploit this tech, who’s at risk, and how brands and marketplaces can fight back.
#Cybercrime #FraudDetection #EcommerceSecurity #ThreatIntel #FraudProtection #FightAgainstCybercrime
iGaming witnesses some of the highest fraud rates across industries—ATO, multi-accounting, bonus abuse, and other identity-driven, sophisticated tactics.
In this landscape, fool-proof protection is essential for your business and your players.
But can a single solution bring the chance of fraud down to zero?
After a highly anticipated launch in financial services this month—met with immediate success—we’re now bringing BioConfirm to iGaming.
🎮 Introducing BioConfirm for iGaming
An advanced authentication capability that links real users to their real devices, ensuring consent comes only from the genuine ones.
❌ No disguises. No imposters.
Learn how BioConfirm strengthens your defense against fraud.
#iGaming #BioConfirm #OnlineGaming #FraudDetection #CyberSecurity #FightAgainstCybercrime
🚨 Game-changing news in fraud prevention!
Group-IB just launched Fraud Matrix 2.0—a revolutionary analytics framework built using a similar approach to the widely recognized MITRE ATT&CK® framework, transforming how organizations detect, prevent, and respond to fraud.
Early adopters report results that speak for themselves:
✅ Detection coverage: 55% → 91%
✅ Response times improved by 85.6%.
✅ 80+ organizations across 30+ countries already onboard
This next-gen solution offers threat actor profiles, real-time campaign intelligence, and cross-industry fraud taxonomy to help businesses stay ahead of evolving threats.
Are you prepared to enhance your fraud defense strategy? Read more.
#CyberSecurity #FraudPrevention #FinTech #RiskManagement #Innovation #GroupIB
🔍 Think your PDFs are secure? Think again.
Our latest blog reveals how "official" documents can be forged or tampered with, leaving zero traces if unsigned. From hidden overlays to broken signatures, learn why visual checks fail and how to detect fraud.
Key insights:
🔹 Subtle PDF edits can void digital signatures and break document integrity.
🔹 Tools like Adobe Acrobat and PDF-Processing can reveal hidden annotations and previous versions.
🔹 Metadata can be misleading; only digital signatures reliably prove authenticity.
🔹 Unsigned PDFs, or PDFs with no password protection, offer ZERO assurance.
Dive into the full analysis to learn how to spot tampering before it causes damage.
#Cybersecurity #PDFsecurity #DigitalForensics #InfoSec #DocumentIntegrity #ZeroTrust