Group-IB is proud to partner with the National CERT of the Republic of Serbia to enhance national cybersecurity capabilities. The partnership delivers Group-IB’s advanced Threat Intelligence solution to enhance the CERT’s threat detection precision and accelerate incident response workflows at a national level.
Key outcomes include:
1️⃣ Measurable improvements in threat verification and response times
2️⃣ Enhanced public and institutional cybersecurity awareness
3️⃣ Strengthened global collaboration through mutual memberships in FIRST and Trusted Introducer networks
This partnership underscores the critical role of public-private collaboration in building national digital resilience against evolving cyber threats. Learn More.
#CyberSecurity #ThreatIntelligence #CERT #GroupIB #FightAgainstCybercrime
Key outcomes include:
1️⃣ Measurable improvements in threat verification and response times
2️⃣ Enhanced public and institutional cybersecurity awareness
3️⃣ Strengthened global collaboration through mutual memberships in FIRST and Trusted Introducer networks
This partnership underscores the critical role of public-private collaboration in building national digital resilience against evolving cyber threats. Learn More.
#CyberSecurity #ThreatIntelligence #CERT #GroupIB #FightAgainstCybercrime
🔥9❤4👍1
Media is too big
VIEW IN TELEGRAM
Is it Classiscam, a fake CEO, or maybe a deepfake?
Scams wear different faces, and even global scam gangs tailor their attacks to local languages, habits, and culture. At the same time, some threats are universal enough to keep everyone on edge.
Want a fast track to catch up on what’s happening in the scam landscape — globally and in your region?
Visualize your scam landscape with key schemes, figures, and trends that matter. Check out the datasheet.
#CyberSecurity #OnlineScams #ScamAlert #DigitalSafety #FraudDetection #FightAgainstCybercrime
Scams wear different faces, and even global scam gangs tailor their attacks to local languages, habits, and culture. At the same time, some threats are universal enough to keep everyone on edge.
Want a fast track to catch up on what’s happening in the scam landscape — globally and in your region?
Visualize your scam landscape with key schemes, figures, and trends that matter. Check out the datasheet.
#CyberSecurity #OnlineScams #ScamAlert #DigitalSafety #FraudDetection #FightAgainstCybercrime
❤4🔥2
🚨 Qwizzserial: The New Face of Android SMS Stealers primarily in Uzbekistan!
A previously unknown malware family is making waves across Uzbekistan, blending social engineering with technical stealth to bypass defenses and hijack finances.
Key Highlights:
🔹 Over 100,000 Android infections in just 3 months
🔹 Telegram bots used to auto-generate malware disguised as government aid apps
🔹 $62,000+ stolen by a single group using fake “financial support” schemes
🔹 Advanced evasion techniques: USSD SIM hijacking, infinite preloaders, obfuscation with NP Manager and Allatori
This is not just another stealer — it’s the evolution of the Classiscam model.
Read the full breakdown, infrastructure, attribution, and mitigation tips in our technical blog.
#AndroidMalware #ThreatIntel #Classiscam #Qwizzserial #SMSStealer #FightAgainstCybercrime
A previously unknown malware family is making waves across Uzbekistan, blending social engineering with technical stealth to bypass defenses and hijack finances.
Key Highlights:
🔹 Over 100,000 Android infections in just 3 months
🔹 Telegram bots used to auto-generate malware disguised as government aid apps
🔹 $62,000+ stolen by a single group using fake “financial support” schemes
🔹 Advanced evasion techniques: USSD SIM hijacking, infinite preloaders, obfuscation with NP Manager and Allatori
This is not just another stealer — it’s the evolution of the Classiscam model.
Read the full breakdown, infrastructure, attribution, and mitigation tips in our technical blog.
#AndroidMalware #ThreatIntel #Classiscam #Qwizzserial #SMSStealer #FightAgainstCybercrime
❤8👍2
Media is too big
VIEW IN TELEGRAM
Got threat feeds, alerts, activity logs, and IOCs — but without context, relevance, and actionability? That’s not threat intelligence. That’s just raw data.
Real CTI isn’t passive — it’s a function you build to
✅ Anticipate what’s coming
✅ Mobilize the right people, tools, and workflows.
✅ Evolve constantly — to anticipate adversaries before they act.
Introducing Group-IB’s latest resource: “Intelligence. Action. Defense: Your All-Hands E-Book for Operationalizing CTI.”
What it isn’t? A theoretical monologue built on abstractions.
It’s a practical, field-tested playbook designed to help you build and manage a complete CTI function — packed with plug-and-play reporting templates, real-world workflows, threat heatmaps, team structuring blueprints, and intelligence data flow mind maps, so you can get started right now.
#ThreatIntelligence #CyberSecurity #CTI #CyberThreats #InfoSec #IncidentResponse #ThreatHunting #FightAgainstCybercrime
Real CTI isn’t passive — it’s a function you build to
✅ Anticipate what’s coming
✅ Mobilize the right people, tools, and workflows.
✅ Evolve constantly — to anticipate adversaries before they act.
Introducing Group-IB’s latest resource: “Intelligence. Action. Defense: Your All-Hands E-Book for Operationalizing CTI.”
What it isn’t? A theoretical monologue built on abstractions.
It’s a practical, field-tested playbook designed to help you build and manage a complete CTI function — packed with plug-and-play reporting templates, real-world workflows, threat heatmaps, team structuring blueprints, and intelligence data flow mind maps, so you can get started right now.
#ThreatIntelligence #CyberSecurity #CTI #CyberThreats #InfoSec #IncidentResponse #ThreatHunting #FightAgainstCybercrime
🔥8❤2
Drowning in alerts? You're not alone.
Most SOC teams spend hours chasing false positives, repeating the same steps in investigations, and losing critical context across tools.
Smart Alert prevents all that.
The new feature in Group-IB Managed XDR uses AI to consolidate thousands of signals into a single, evolving alert — enriched with real-time context, evidence, and analyst notes.
✅ 80% fewer alerts
✅ 50% faster investigations
✅ A single alert that tells the whole story
Read how Smart Alert changes your view of alert triage.
#CyberSecurity #SOC #IncidentResponse #SmartAlert #ThreatDetection #ManagedXDR #AI #CyberThreats #FightAgainstCybercrime
Most SOC teams spend hours chasing false positives, repeating the same steps in investigations, and losing critical context across tools.
Smart Alert prevents all that.
The new feature in Group-IB Managed XDR uses AI to consolidate thousands of signals into a single, evolving alert — enriched with real-time context, evidence, and analyst notes.
✅ 80% fewer alerts
✅ 50% faster investigations
✅ A single alert that tells the whole story
Read how Smart Alert changes your view of alert triage.
#CyberSecurity #SOC #IncidentResponse #SmartAlert #ThreatDetection #ManagedXDR #AI #CyberThreats #FightAgainstCybercrime
🔥7
Group-IB’s Threat Intelligence team has uncovered a surge in sophisticated attacks exploiting #WindowsKernel loaders and weaponizing signed drivers. Here’s why it matters:
🔻 Key Findings
✅ 620+ malicious drivers linked to campaigns since 2020
✅ 80+ certificates and 60+ WHCP accounts abused by threat actors
✅ 32% of drivers act as loaders, enabling stealthy second-stage payloads
✅ Overlaps in Certificates and WHCP accounts used to sign drivers for unrelated TA
✅ underground certificate providers markets slash attacker signing costs
Learn how to detect anomalies, mitigate risks, and disrupt this shadow economy. 📈 Read the full report.
#CyberSecurity #ThreatIntelligence #WindowsSecurity #MaliciousDrivers #FightAgainstCybercrime
🔻 Key Findings
✅ 620+ malicious drivers linked to campaigns since 2020
✅ 80+ certificates and 60+ WHCP accounts abused by threat actors
✅ 32% of drivers act as loaders, enabling stealthy second-stage payloads
✅ Overlaps in Certificates and WHCP accounts used to sign drivers for unrelated TA
✅ underground certificate providers markets slash attacker signing costs
Learn how to detect anomalies, mitigate risks, and disrupt this shadow economy. 📈 Read the full report.
#CyberSecurity #ThreatIntelligence #WindowsSecurity #MaliciousDrivers #FightAgainstCybercrime
🔥3👍1
A high-value transaction request? Seems routine — even when it’s not.
What if it’s triggered from a fraudster’s desktop emulator using stolen credentials, a SIM-swap, or a deepfake scam?
Just like that, your OTPs and MFA validate the attacker. Funds lost. Trust broken.
Introducing BioConfirm by Group-IB: Real-time, device-bound biometric authentication only visible and usable by the true account holder.
Today’s fraudsters use automation, deepfakes, and Fraud-as-a-Service kits. Traditional security can’t keep up — but BioConfirm can:
✅ One-tap Face/Fingerprint user consent on their trusted device
✅ Cryptographic tokens that no fraudster can see, spoof, or intercept
✅ Highest-level security for real users, with zero extra effort
✅ Blocks emulators, phishing, and SIM-swaps
✅ Malware-resistant protection for mobile banking apps
✅ Easily integrates with your risk engine + PSD2 / RBI compliance
Learn how BioConfirm reduces risk and builds trust for high-risk transactions.
#FraudPrevention #BiometricSecurity
What if it’s triggered from a fraudster’s desktop emulator using stolen credentials, a SIM-swap, or a deepfake scam?
Just like that, your OTPs and MFA validate the attacker. Funds lost. Trust broken.
Introducing BioConfirm by Group-IB: Real-time, device-bound biometric authentication only visible and usable by the true account holder.
Today’s fraudsters use automation, deepfakes, and Fraud-as-a-Service kits. Traditional security can’t keep up — but BioConfirm can:
✅ One-tap Face/Fingerprint user consent on their trusted device
✅ Cryptographic tokens that no fraudster can see, spoof, or intercept
✅ Highest-level security for real users, with zero extra effort
✅ Blocks emulators, phishing, and SIM-swaps
✅ Malware-resistant protection for mobile banking apps
✅ Easily integrates with your risk engine + PSD2 / RBI compliance
Learn how BioConfirm reduces risk and builds trust for high-risk transactions.
#FraudPrevention #BiometricSecurity
❤5🔥2
🚨Not all data leaks are what they seem.
Group-IB’s latest blog peels back the layers on combolists and ULP files credential dumps flooding the dark web and Telegram, often mislabeled as fresh infostealer logs. But behind the buzzwords and file names like “PRIVATE_LEAK_2025” lies a cycle of recycled, fake, or autogenerated data that misleads defenders and fuels alert fatigue.
Threat actors like AlienTXT have built reputations on this deception—repackaging old data as new and selling it under the guise of exclusivity.
Learn how to tell real stealer logs from marketing noise, and why defenders must focus on the original source of compromise, not just what’s trending in cthreat actor channels. Read the full analysis.
#CyberSecurity #ThreatIntelligence #Infostealer #ULP #DarkWeb #DataLeaks #GroupIB
Group-IB’s latest blog peels back the layers on combolists and ULP files credential dumps flooding the dark web and Telegram, often mislabeled as fresh infostealer logs. But behind the buzzwords and file names like “PRIVATE_LEAK_2025” lies a cycle of recycled, fake, or autogenerated data that misleads defenders and fuels alert fatigue.
Threat actors like AlienTXT have built reputations on this deception—repackaging old data as new and selling it under the guise of exclusivity.
Learn how to tell real stealer logs from marketing noise, and why defenders must focus on the original source of compromise, not just what’s trending in cthreat actor channels. Read the full analysis.
#CyberSecurity #ThreatIntelligence #Infostealer #ULP #DarkWeb #DataLeaks #GroupIB
🔥8
Cybersecurity doesn’t break at the point of attack — it breaks at the planning table.
If your roadmap isn’t tied to real-world business context — it’s already irrelevant.
Gartner® latest Cybersecurity Strategy Planning Report breaks it down:
● Cybersecurity is now considered a board-level business risk
● Cyber strategy must be tied to business, tech, and environmental context to intercept and mitigate real risks.
● Most cyber plans fail because they’re rigid, one-size-fits-all, lacking modularity.
● Lack of executive oversight and cyber literacy brings inconsistencies that weaken resilience.
Build cybersecurity that defends. Access the complete report exclusively through Group-IB.
#RiskMitigation #CTI #Cybersecurity #FightAgainstCybercrime
If your roadmap isn’t tied to real-world business context — it’s already irrelevant.
Gartner® latest Cybersecurity Strategy Planning Report breaks it down:
● Cybersecurity is now considered a board-level business risk
● Cyber strategy must be tied to business, tech, and environmental context to intercept and mitigate real risks.
● Most cyber plans fail because they’re rigid, one-size-fits-all, lacking modularity.
● Lack of executive oversight and cyber literacy brings inconsistencies that weaken resilience.
Build cybersecurity that defends. Access the complete report exclusively through Group-IB.
#RiskMitigation #CTI #Cybersecurity #FightAgainstCybercrime
❤6👍1🔥1
This media is not supported in your browser
VIEW IN TELEGRAM
🌍 Our Inaugural Sustainability Report is here!
Cybersecurity is now a sustainability imperative, with Group-IB pioneering solutions that protect both digital ecosystems and our planet's future through ethical innovation and ESG leadership.
Key Insights:
🔹 10,000 tCO₂e prevented – equivalent to 48,000 trees grown for 10 years
🔹 65M potential victims shielded from cybercrime
🔹 $2.7B in fraud losses blocked globally
🔹 100% renewable energy powering our Netherland office
🔹 Zero data breaches, corruption, or compliance incidents
🔹 1,291 next-gen cyber defenders trained through partnerships
All these achievements, plus our commitment to gender equity, law enforcement capacity building, and governance excellence in the full report. Download it now and Read the press release.
#SustainabilityReport #Cybersecurity #ESG #GreenTech #RenewableEnergy #SustainableFuture #DigitalEcosystems #FightAgainstCybercrime
Cybersecurity is now a sustainability imperative, with Group-IB pioneering solutions that protect both digital ecosystems and our planet's future through ethical innovation and ESG leadership.
Key Insights:
🔹 10,000 tCO₂e prevented – equivalent to 48,000 trees grown for 10 years
🔹 65M potential victims shielded from cybercrime
🔹 $2.7B in fraud losses blocked globally
🔹 100% renewable energy powering our Netherland office
🔹 Zero data breaches, corruption, or compliance incidents
🔹 1,291 next-gen cyber defenders trained through partnerships
All these achievements, plus our commitment to gender equity, law enforcement capacity building, and governance excellence in the full report. Download it now and Read the press release.
#SustainabilityReport #Cybersecurity #ESG #GreenTech #RenewableEnergy #SustainableFuture #DigitalEcosystems #FightAgainstCybercrime
❤8
Fake receipt generators are powering a new wave of industrialized fraud.
Scammers use services like #MaisonReceipts to create localized receipts for 21+ brands—arming resellers of counterfeits with “proof” that deceives platforms, consumers, and retailers.
Our investigation with Sorint.SEC exposes:
🔹 30,000+ Discord members leveraged for real-time scam "support"
🔹 21+ global brands impersonated via polished counterfeit receipts
🔹 Fraud-as-a-service subnoscriptions (€16.99/month) funding TikTok/Telegram promotions
🔹 New platforms like Receiptified emerging to scale the threat
The ecosystem is professionalizing. The receipts? Nearly flawless.
👉 Discover how fraudsters exploit this tech, who’s at risk, and how brands and marketplaces can fight back.
#Cybercrime #FraudDetection #EcommerceSecurity #ThreatIntel #FraudProtection #FightAgainstCybercrime
Scammers use services like #MaisonReceipts to create localized receipts for 21+ brands—arming resellers of counterfeits with “proof” that deceives platforms, consumers, and retailers.
Our investigation with Sorint.SEC exposes:
🔹 30,000+ Discord members leveraged for real-time scam "support"
🔹 21+ global brands impersonated via polished counterfeit receipts
🔹 Fraud-as-a-service subnoscriptions (€16.99/month) funding TikTok/Telegram promotions
🔹 New platforms like Receiptified emerging to scale the threat
The ecosystem is professionalizing. The receipts? Nearly flawless.
👉 Discover how fraudsters exploit this tech, who’s at risk, and how brands and marketplaces can fight back.
#Cybercrime #FraudDetection #EcommerceSecurity #ThreatIntel #FraudProtection #FightAgainstCybercrime
🔥7❤3
iGaming witnesses some of the highest fraud rates across industries—ATO, multi-accounting, bonus abuse, other identity-driven, sophisticated tactics.
In this landscape, fool-proof protection is essential for your business and your players.
But can a single solution bring the chance of fraud down to zero?
After a highly anticipated launch in financial services this month—met with immediate success—we’re now bringing BioConfirm to iGaming.
🎮 Introducing BioConfirm for iGaming
An advanced authentication capability that links real users to their real devices, ensuring consent comes only from the genuine ones.
❌ No disguises. No imposters.
Learn how BioConfirm strengthens your defense against fraud.
#iGaming #BioConfirm #OnlineGaming #FraudDetection #CyberSecurity #FightAgainstCybercrime
In this landscape, fool-proof protection is essential for your business and your players.
But can a single solution bring the chance of fraud down to zero?
After a highly anticipated launch in financial services this month—met with immediate success—we’re now bringing BioConfirm to iGaming.
🎮 Introducing BioConfirm for iGaming
An advanced authentication capability that links real users to their real devices, ensuring consent comes only from the genuine ones.
❌ No disguises. No imposters.
Learn how BioConfirm strengthens your defense against fraud.
#iGaming #BioConfirm #OnlineGaming #FraudDetection #CyberSecurity #FightAgainstCybercrime
❤2👍2
🚨 Game-changing news in fraud prevention!
Group-IB just launched Fraud Matrix 2.0—a revolutionary analytics framework built using a similar approach to the widely recognized MITRE ATT&CK® framework, transforming how organizations detect, prevent, and respond to fraud.
Early adopters report results that speak for themselves:
✅ Detection coverage: 55% → 91%
✅ Response times improved by 85.6%.
✅ 80+ organizations across 30+ countries already onboard
This next-gen solution offers threat actor profiles, real-time campaign intelligence, and cross-industry fraud taxonomy to help businesses stay ahead of evolving threats.
Are you prepared to enhance your fraud defense strategy? Read more.
#CyberSecurity #FraudPrevention #FinTech #RiskManagement #Innovation #GroupIB
Group-IB just launched Fraud Matrix 2.0—a revolutionary analytics framework built using a similar approach to the widely recognized MITRE ATT&CK® framework, transforming how organizations detect, prevent, and respond to fraud.
Early adopters report results that speak for themselves:
✅ Detection coverage: 55% → 91%
✅ Response times improved by 85.6%.
✅ 80+ organizations across 30+ countries already onboard
This next-gen solution offers threat actor profiles, real-time campaign intelligence, and cross-industry fraud taxonomy to help businesses stay ahead of evolving threats.
Are you prepared to enhance your fraud defense strategy? Read more.
#CyberSecurity #FraudPrevention #FinTech #RiskManagement #Innovation #GroupIB
👍7🔥3
🔍 Think your PDFs are secure? Think again.
Our latest blog reveals how "official" documents can be forged or tampered with leaving zero traces if unsigned. From hidden overlays to broken signatures, learn why visual checks fail and how to detect fraud.
Key insights:
🔹 Subtle PDF edits can void digital signatures and break document integrity.
🔹 Tools like Adobe Acrobat and PDF-Processing can reveal hidden annotations and previous versions.
🔹 Metadata can be misleading; only digital signatures reliably prove authenticity.
🔹 Unsigned or PDFs with no password protection offer ZERO assurance.
Dive into the full analysis to learn how to spot tampering before it causes damage.
#Cybersecurity #PDFsecurity #DigitalForensics #InfoSec #DocumentIntegrity #ZeroTrust
Our latest blog reveals how "official" documents can be forged or tampered with leaving zero traces if unsigned. From hidden overlays to broken signatures, learn why visual checks fail and how to detect fraud.
Key insights:
🔹 Subtle PDF edits can void digital signatures and break document integrity.
🔹 Tools like Adobe Acrobat and PDF-Processing can reveal hidden annotations and previous versions.
🔹 Metadata can be misleading; only digital signatures reliably prove authenticity.
🔹 Unsigned or PDFs with no password protection offer ZERO assurance.
Dive into the full analysis to learn how to spot tampering before it causes damage.
#Cybersecurity #PDFsecurity #DigitalForensics #InfoSec #DocumentIntegrity #ZeroTrust
👍3🔥3
Unpredictability is an adversary’s greatest leverage – Break the illusion. Predict their every move.
While the world rides the hype wave of GenAI, Predictive AI is quietly building your real advantage in cybersecurity.
How?
The fusion of AI & ML, behavioral modeling, and correlational intelligence helps you unlock the enemy’s mind, along with:
✅ Early detection of attacker infrastructure;
✅ Vulnerability prioritization based on exploitation likelihood;
✅Risk scoring tied to business-impact mapping;
✅ Pre-emptive actions or faster-time-to-response, and more.
But let’s be clear — predictive analytics isn’t a silver bullet. Without high-quality data, human-in-the-loop validation, and contextual feedback, it will only be a vanity tool.
Read all about it and witness how this quiet catalyst is reshaping cyber defenses.
Start early and get the predictive advantage with Group-IB.
#PredictiveAI #Cybersecurity #AI #RiskManagement #ThreatIntelligence #DataProtection #FightAgainstCybercrime
While the world rides the hype wave of GenAI, Predictive AI is quietly building your real advantage in cybersecurity.
How?
The fusion of AI & ML, behavioral modeling, and correlational intelligence helps you unlock the enemy’s mind, along with:
✅ Early detection of attacker infrastructure;
✅ Vulnerability prioritization based on exploitation likelihood;
✅Risk scoring tied to business-impact mapping;
✅ Pre-emptive actions or faster-time-to-response, and more.
But let’s be clear — predictive analytics isn’t a silver bullet. Without high-quality data, human-in-the-loop validation, and contextual feedback, it will only be a vanity tool.
Read all about it and witness how this quiet catalyst is reshaping cyber defenses.
Start early and get the predictive advantage with Group-IB.
#PredictiveAI #Cybersecurity #AI #RiskManagement #ThreatIntelligence #DataProtection #FightAgainstCybercrime
👍4❤1
Empty shelves, lost customers, and hundreds of millions of pounds in lost profit are just some of the outcomes that retailers have faced in the wake of recent ransomware attacks.
From the Co-operative to M&S, the recent cyber attacks on UK retail giants have dominated headlines and wreaked havoc that’s been felt by customers, staff, and government officials alike.
The culprits behind it? A highly organised group of ransomware specialists, codename: DragonForce.
In this episode, we unpack how DragonForce evolved into a ransomware cartel, franchising their malware to affiliates like Scattered Spider, whose sophisticated social engineering tactics have significantly disrupted UK retail. We explore the wide-ranging impact on both businesses and consumers, offering insights into how each can better protect themselves. Finally, they examine the role of policy and regulation in preventing future attacks and strengthening cyber resilience.
Available now on Spotify and Apple Podcasts.
From the Co-operative to M&S, the recent cyber attacks on UK retail giants have dominated headlines and wreaked havoc that’s been felt by customers, staff, and government officials alike.
The culprits behind it? A highly organised group of ransomware specialists, codename: DragonForce.
In this episode, we unpack how DragonForce evolved into a ransomware cartel, franchising their malware to affiliates like Scattered Spider, whose sophisticated social engineering tactics have significantly disrupted UK retail. We explore the wide-ranging impact on both businesses and consumers, offering insights into how each can better protect themselves. Finally, they examine the role of policy and regulation in preventing future attacks and strengthening cyber resilience.
Available now on Spotify and Apple Podcasts.
❤5👍3🔥3
This media is not supported in your browser
VIEW IN TELEGRAM
🚨 ATM switch attack involving a Raspberry Pi, CAKETAP rootkit, and new TTPs uncovered.
Following a complex Incident Response operation, Group-IB attributed this sophisticated intrusion to threat actor UNC2891.
Key findings:
🔹 Attackers physically accessed the bank’s infrastructure to plant a Raspberry Pi, connecting it to the same switch as the ATM.
🔹 Their objective? Target the ATM switch server and deploy CAKETAP—a rootkit designed to spoof HSM authorization responses and enable fraudulent cash withdrawals.
🔹 Even after removing the device, attackers maintained persistence via a backdoor on the mail server, using TINYSHELL and Dynamic DNS for C2.
🔹 They leveraged an unpublished anti-forensics technique, now recognized as MITRE ATT&CK T1564.013, allowing them to remain hidden from standard detection tools.
👏 Kudos to the Mandiant team for their work on UNC2891.
Learn how it was uncovered and how to defend against it.
#CyberSecurity #LinuxSecurity #ATMSecurity
Following a complex Incident Response operation, Group-IB attributed this sophisticated intrusion to threat actor UNC2891.
Key findings:
🔹 Attackers physically accessed the bank’s infrastructure to plant a Raspberry Pi, connecting it to the same switch as the ATM.
🔹 Their objective? Target the ATM switch server and deploy CAKETAP—a rootkit designed to spoof HSM authorization responses and enable fraudulent cash withdrawals.
🔹 Even after removing the device, attackers maintained persistence via a backdoor on the mail server, using TINYSHELL and Dynamic DNS for C2.
🔹 They leveraged an unpublished anti-forensics technique, now recognized as MITRE ATT&CK T1564.013, allowing them to remain hidden from standard detection tools.
👏 Kudos to the Mandiant team for their work on UNC2891.
Learn how it was uncovered and how to defend against it.
#CyberSecurity #LinuxSecurity #ATMSecurity
❤12
Media is too big
VIEW IN TELEGRAM
Your defenses depend on more than technology.
They depend on how your people act under pressure.
Our Human-Centric Cybersecurity Assessments guide shows you how to test and improve readiness at every level — from end users to SOC and IR teams.
Written by Group-IB experts with proven use cases and role-by-role guidance. Download Now!
#Cybersecurity #IncidentResponse #HumanFactor #SOC #Training
They depend on how your people act under pressure.
Our Human-Centric Cybersecurity Assessments guide shows you how to test and improve readiness at every level — from end users to SOC and IR teams.
Written by Group-IB experts with proven use cases and role-by-role guidance. Download Now!
#Cybersecurity #IncidentResponse #HumanFactor #SOC #Training
👍9❤7
Curious how to actually plan, enrich, automate, and defend using CTI—beyond the theory?
Following the launch of our eBook, this webinar has been highly requested—and now it’s here.
Join our experts as they cut through the fluff and show you how to make cyber threat intelligence work for your business.
📅 Mark your calendars:
September 4 | ⏰ 10:00 AM CEST (GMT+2)
We’ll discuss:
1️⃣ The CTI signals, concepts, and frameworks that power real defense
2️⃣ Why most CTI programs fail to deliver impact—and how to fix that
3️⃣ How to understand attackers and collect evidence-based intelligence for smarter defenses
4️⃣ Real-world examples and advanced use cases of CTI
5️⃣ Expert guidance on building a CTI function that drives action, proves ROI, and creates measurable impact
Register Now!!
#CyberSecurity #InfoSec #ThreatIntelligence #DataProtection #CTIWebinar
Following the launch of our eBook, this webinar has been highly requested—and now it’s here.
Join our experts as they cut through the fluff and show you how to make cyber threat intelligence work for your business.
📅 Mark your calendars:
September 4 | ⏰ 10:00 AM CEST (GMT+2)
We’ll discuss:
1️⃣ The CTI signals, concepts, and frameworks that power real defense
2️⃣ Why most CTI programs fail to deliver impact—and how to fix that
3️⃣ How to understand attackers and collect evidence-based intelligence for smarter defenses
4️⃣ Real-world examples and advanced use cases of CTI
5️⃣ Expert guidance on building a CTI function that drives action, proves ROI, and creates measurable impact
Register Now!!
#CyberSecurity #InfoSec #ThreatIntelligence #DataProtection #CTIWebinar
🔥8👍7
Cybercriminals are no longer experimenting—they’re executing. Deepfake vishing is now a fully operational threat, using AI to clone voices and manipulate victims with unprecedented precision. Our latest blog breaks down how these attacks work and how to defend against them.
Key highlights:
🔹 Deepfake‑related fraud attempts in Asia-Pacific surged 194% in 2024 compared to 2023, with voice‑based scams leading the rise.
🔹 Voice clones crafted from just a few seconds of public audio
🔹 AI voice cloning platforms used to mimic tone, accent & emotion.
🔹 Caller ID spoofing via VoIP increases perceived credibility of scam calls.
🔹 Financial institutions report average losses of US$600,000 per attack.
🔹 Less than 5% of stolen funds are ever recovered.
The blog explores the full attack chain, real-world cases, and practical countermeasures to help organizations stay ahead. Read the full analysis here.
#CyberSecurity #Deepfake #ThreatIntelligence #InfoSec #FightAgainstCybercrime
Key highlights:
🔹 Deepfake‑related fraud attempts in Asia-Pacific surged 194% in 2024 compared to 2023, with voice‑based scams leading the rise.
🔹 Voice clones crafted from just a few seconds of public audio
🔹 AI voice cloning platforms used to mimic tone, accent & emotion.
🔹 Caller ID spoofing via VoIP increases perceived credibility of scam calls.
🔹 Financial institutions report average losses of US$600,000 per attack.
🔹 Less than 5% of stolen funds are ever recovered.
The blog explores the full attack chain, real-world cases, and practical countermeasures to help organizations stay ahead. Read the full analysis here.
#CyberSecurity #Deepfake #ThreatIntelligence #InfoSec #FightAgainstCybercrime
🔥3❤2👍2
🚨 Our latest investigation into AI trading scams is out now!
Fraudsters are evolving fast using deepfakes, AI-generated content, and localized scam infrastructure to target unsuspecting investors around the world.
The key findings:
🔹 Deepfake videos of public figures used to promote fake AI trading platforms
🔹 Entire networks of YouTube channels, fake blogs, and social media accounts engineered to build credibility
🔹 Scam websites dynamically adapt to users' IP address and language to appear region-specific and trustworthy
🔹 Dozens of malicious domains tied to just a few registrants revealing a coordinated global fraud operation
🔹 Sensitive personal data including IDs and credit cards harvested under the guise of “KYC verification”
All this, plus expert analysis, real-world case studies, and technical insights in our full report. Read the full investigation now.
#AI #CyberSecurity #Deepfake #InvestmentScams #ThreatIntel #FightAgainstCybercrime
Fraudsters are evolving fast using deepfakes, AI-generated content, and localized scam infrastructure to target unsuspecting investors around the world.
The key findings:
🔹 Deepfake videos of public figures used to promote fake AI trading platforms
🔹 Entire networks of YouTube channels, fake blogs, and social media accounts engineered to build credibility
🔹 Scam websites dynamically adapt to users' IP address and language to appear region-specific and trustworthy
🔹 Dozens of malicious domains tied to just a few registrants revealing a coordinated global fraud operation
🔹 Sensitive personal data including IDs and credit cards harvested under the guise of “KYC verification”
All this, plus expert analysis, real-world case studies, and technical insights in our full report. Read the full investigation now.
#AI #CyberSecurity #Deepfake #InvestmentScams #ThreatIntel #FightAgainstCybercrime
❤6