Group-IB Global

This Labor Day, the most dangerous hire isn't the one who failed the background check. It's the one who passed it. DPRK-linked IT workers are infiltrating companies through legitimate hiring pipelines, earning salaries, and exfiltrating data from the inside. Group-IB researchers have mapped exactly how it works. The numbers tell the story. Read the full blog here: bit.ly/4d3XzXX #ThreatIntelligence #DPRK #InsiderThreat #Infosec #LaborDay #GroupIB

💸 #Cryptocurrency promised huge potential for investors. But today, it’s cybercriminals who are capitalizing the most. From multimillion-dollar #ransomware payouts to borderless money laundering, #crypto has quietly become the engine driving a global cybercrime economy. As regulations evolve across jurisdictions, gaps and inconsistencies remain. Combined with crypto’s borderless nature, this gives threat actors a simple advantage: operate where enforcement falls short. Groups like #TeamTNT have been quick to exploit exactly that. In this episode of Masked Actors, Group-IB’s Gary Ruddell and Nick Palmer are joined by Erica Stanford, Digital Asset, Crypto and AI Specialist at law firm @CMS_Law_Tax. She reveals the shadowy infrastructure and trail of crypto-enabled #cybercrime that keeps hacking gangs like TeamTNT moving. Understanding how these actors operate is key to anticipating threats and staying one step ahead in an increasingly hostile digital landscape. 🎧 Listen to the full episode: Spotify: open.spotify.com/episode/32k3B7… Apple Podcasts: podcasts.apple.com/us/podcast/tea…

🚨 Global smishing operations are becoming more organized, scalable, and dangerous. Group-IB’s latest research exposes the #Phoenix System, a Phishing-as-a-Service (#PhaaS) platform powering reward point scams, fake parcel delivery lures, and large-scale mobile #phishing campaigns worldwide. Key highlights: 🔹 SMS delivery via fake BTS to bypass carrier-level filtering and spoof trusted brands. 🔹 2,500+ phishing domains linked to the operation since January 2025. 🔹 More than 70 organizations targeted across finance, telecom, and logistics globally. 🔹 The phishing sites implement IP-based filtering and geofencing to precisely target victims within specific countries. 🔹 Shared infrastructure is found across reward scam and parcel delivery campaigns despite differences in their attack contexts and target audiences. 🔹 Both campaigns use the Phoenix System, successor to the Mouse System. 🔹 The phishing kits are distributed via a dedicated #Telegram ecosystem. Read how modern phishing has evolved into a full-service criminal ecosystem: link.group-ib.com/4tY0I2N #ThreatIntel #CyberCrime #InfoSec

According to the World Economic Forum's Global Cybersecurity Outlook 2026: - 63% of organizations in Sub-Saharan Africa lack critical cybersecurity skills - 65% in Latin America face the same shortage The global talent gap isn't just a pipeline problem. It's a systemic vulnerability. The organizations that close it fastest will survive what's coming next. 👉 Extend your team with Group-IB Managed XDR → bit.ly/48uMrSo #CyberSkillsGap #TalentShortage #MXDR

According to the World Economic Forum's Global Cybersecurity Outlook 2026: Confidence in cyber resilience is rising, but the threat landscape is rising faster. In 2025 alone, cyberattacks successfully hit: - Major retailers (M&S, Harrods, Co-op) - Manufacturers (Jaguar Land Rover) - European airports - A Norwegian hydroelectric dam Yet only 19% of organizations say their cyber resilience exceeds requirements. Knowing you're a target and being prepared to absorb the hit are two very different things. 👉 Bridge the gap with Group-IB's Attack Surface Management → bit.ly/3OO5Tms

AI is now the #1 driver of change in #cybersecurity. According to the World Economic Forum’s Global Cybersecurity Outlook 2026: - 94% of executives agree. But here's the uncomfortable truth: the same #technology defending your network is being weaponized against it. - 87% of practitioners say #AI vulnerabilities are the fastest-growing #cyberrisk. The arms race isn't coming. It's already here. Stay ahead of AI‑driven threats. Group-IB threat intel: bit.ly/3OHeJSW

🇮🇩 We recently joined @awscloud in Jakarta for the Indonesia Operations Banking Summit (IOBS) organised by the Forum Komunikasi Direktur Operasional Perbankan (FKDOP). It was a privilege meeting the banking operations leaders shaping how Indonesia's financial sector defends against digital fraud. We showcased two solutions built specifically for the high-stakes challenges facing financial institutions today: 🔹 Fraud Protection - Real-time fraud detection across web and mobile that stops attacks before they impact customers. 🔹 Cyber Fraud Intelligence Platform - Cross-institution fraud signal sharing that enables banks and payment providers to act on threats during the 'warm-up' phase before funds move. Both are available on AWS Marketplace, making deployment and procurement straightforward for institutions already in the AWS ecosystem. Our thanks to the FKDOP community for the insightful discussions on optimizing banking operations through innovation and security. ➡️ Let’s continue to make Indonesian banking safer together! Contact our team to learn: group-ib.com/talk-to-sales/ #Indonesia #FraudProtection #CyberSecurity #FinancialSecurity #DigitalFraud #CyberFraudIntelligence

⚠️ Every Attack has a face. We hunt it. Financial crime and extremism are more connected than most people realise and following the money is one of the most powerful tools we have. In this episode, we explore how leading cyber intelligence firm Group-IB is taking on one of the most complex challenges in financial crime today: 🔹 Tracking Financial Networks of Extremist Groups How investigators follow the money trail of extremist organisations uncovering hidden funding flows, crypto transactions, and financial infrastructure used to sustain these networks. 🔹 Linking Threat Actors to Extremist Groups How Group-IB connects the dots between threat actors and extremist networks using advanced cyber intelligence techniques building a full picture of who’s behind the activity. 🔹 Tracking Every Move The methodologies used to monitor, map, and anticipate the financial movements of these groups in real time leaving nowhere to hide. This is intelligence work at its most critical. Watch the full episode here: Spotify: open.spotify.com/episode/0PTww0… Apple Podcasts: podcasts.apple.com/us/podcast/the… YouTube: youtu.be/R93LaJyJKgI?si… #FraudIntel #GroupIB #ThreatIntelligence #ExtremistFinancing #FinancialCrime #CyberFraud #AML #FraudIntelPodcast

🚨 𝗔𝗱𝗮𝗽𝘁𝗶𝗻𝗴 𝘁𝗼 𝗡𝗲𝘄 𝗙𝗿𝗮𝘂𝗱 𝗘𝘃𝗮𝘀𝗶𝗼𝗻 𝗧𝗮𝗰𝘁𝗶𝗰𝘀 Fraudsters are getting smarter and their playbook is evolving fast. One of the most alarming trends? The deliberate use of defense evasive techniques to create mule accounts at scale making it harder than ever for banks to detect and disrupt fraudulent activity. In this episode, we break down: 🔹How fraudsters use sophisticated evasion tactics to set up mule accounts undetected 🔹What happens next, how these accounts are exploited to move and launder funds 🔹How banks are fighting back with smarter, adaptive detection strategies to stay ahead of increasingly complex scams The fraud arms race is real and this episode is essential listening for anyone in financial crime, risk, or compliance. Watch the full episode to uncover how today’s digital fraud ecosystem works and what it takes to stay ahead. Spotify: open.spotify.com/episode/0PTww0… Apple Podcasts: podcasts.apple.com/us/podcast/the… YouTube: youtu.be/R93LaJyJKgI?si… #FraudPrevention #Compliance #BankingSecurity #CyberSecurity #FraudIntel

Infrastructure behind these operations reveals industrialisation. Fraud networks rely on SIM farms generating legitimate French carrier IPs, rotating connections to bypass velocity checks while using anti-detect environments to manipulate device fingerprints and session signals. Read the full technical analysis here: link.group-ib.com/4sSzXLN

Threat actors bypass traditional KYC controls by weaponizing real victims. Fraudsters harvest personal data through #phishing campaigns, register accounts using stolen PII, and later socially engineer victims into completing the identity verification themselves, making the final #KYC sessions appear completely legitimate from the platform's perspective. #SocialEngineering

Freelancer #fintech platforms across Europe are increasingly targeted by organised fraud networks. Our latest research shows how fraudulent business accounts are being systematically created and traded, highlighting how business-grade payment infrastructure and fast remote onboarding have become attractive entry points for large-scale #financialcrime operations.

Wildfires spread. Floods surge. Grids fail. Behind every climate warning system, every emergency response network, every satellite monitoring the planet, there's digital infrastructure. Exposed. Targeted. Exploited. At Group-IB, we believe protecting the earth starts with protecting what runs it. Our teams work globally to secure critical systems; not just because it's business, but because this is the only planet we've got. Explore more: bit.ly/4clYKTo #WorldEarthDay #Sustainability #CriticalInfrastructure #GroupIB #CyberResilience

We are proud to share that Vesta Matveeva, Head of Strategic Cybercrime Investigations at Group-IB, has been shortlisted for the Woman of Influence category at the SC Awards Europe. 🎉 Over the past 14 years, Vesta has built a remarkable career in cybercrime investigations from starting as a digital forensics analyst to head of strategic cybercrime investigations that help disrupt international cybercriminal groups and support global law enforcement operations. Her dedication to cybercrime monitoring and its disruption impacts the threat landscape worldwide and brings value to public-private collaboration every day. Winners will be announced on June 3 at IET Savoy Place. #WomenInCybersecurity #CyberThreats #DigitalForensics #CyberSecurityExperts #CyberSecurity #Awards #FightAgainstCybercrime

✨We are proud to share that Dmitry Volkov, CEO of Group-IB, has been featured in the @itp_tech annual Security Leaders list among the top security leaders to watch in the Middle East. The list brings together some of the most influential voices shaping the Middle East's cybersecurity landscape, including prominent figures from public and private sectors and other key technology and security organizations. This recognition reflects the growing impact of cybersecurity leadership in strengthening digital resilience across the Middle East and highlights the continued relevance of Dmitry Volkov’s contributions at the forefront of cyber defense innovation. A well-earned acknowledgment in a highly competitive and influential ecosystem. 👏 Read the full article: itp.net/listing/the-mi… #Cybersecurity #DigitalResilience #InfoSec #CyberDefense #SecurityLeaders #GroupIB #FightAgainstCybercrime

🚨Most attacks on European manufacturers start outside the factory — on underground forums, weeks before sensors flag anything. Our new report documents 228 ransomware attacks, 57 OT access claims, and 120 access broker incidents across six countries. Eight threat actor profiles. Actionable recommendations. Download here: link.group-ib.com/4mGl2CS #Ransomware #CyberSecurity #Hacktivism #ThreatIntelligence #EuropeanManufacturing

🚨 Digital Fraud Exposed: The New Age of Account Scams Fraud has gone cyber, and the networks behind it are more organised and harder to detect than ever. In this episode, we pull back the curtain on: 🔹 Tracking Threat Actor Groups: How cyber fraud teams identify and monitor organised groups linked to mule and fraudster accounts, mapping connections that traditional fraud tools often miss. 🔹 Uncovering the Mule Network: The techniques used to expose the hidden infrastructure behind money mule operations, from account clustering to behavioural pattern analysis. 🔹 #GPSSpoofing and Location Manipulation: How fraudsters simulate GPS locations to bypass geo-based security controls and how the industry is working to detect and counter it. This is the frontline of #financialcrime intelligence. Watch the full episode to understand how today’s #digitalfraud ecosystem operates and what it takes to stay ahead: Spotify: open.spotify.com/episode/0PTww0… Apple Podcasts: podcasts.apple.com/us/podcast/the… YouTube: youtu.be/R93LaJyJKgI?si… #CyberSecurity #FraudDetection #ThreatIntelligence

Over 300 companies hired them. Gave them system access. Paid them salaries.None of them were real. Linked to North Korea's Lazarus group, these were synthetic remote workers. AI-generated CVs. Deep Fake interviews. stolen or fabricated identities that cleared background checks and on boarded into legitimate organizations, only to siphon funds to their government from the inside.. This is not a future threat scenario. It already happened. And the hiring pipelines that allowed it are still running at most companies today. the current working reality (remote work) has made the conditions more favorable for cybercriminals. Generative AI made it invisible. The synthetic insider is not knocking at the door. In over 300 cases, they already have a desk. Run a search on every remote hire you made in the last two years. Then read the Weaponized AI report and understand exactly how this was done: bit.ly/4cnOc4U #SyntheticInsiders #WeaponizedAI #InsiderThreat #Lazarus #GroupIB #CyberSecurity

Between January and August 2025, one #financialinstitution faced 8,065 deepfake fraud attempts. Criminals used AI-generated photos to impersonate real applicants and bypass KYC checks for loan applications. Of the combined attempts from September 2024 to August 2025, 80% occurred in the January–August 2025 period alone. That acceleration is not a coincidence. The number of unique usernames selling #deepfake services grew 233% year on year between 2023 and 2024. The market is scaling faster than most security teams are adapting. Traditional verification, voice recognition, document checks, transaction monitoring is no longer enough when the voice is synthetic and the face is generated. The question is not whether your organization will be targeted. It is whether your defenses were built for the threat that exists today. If you lead security for your organization, this report was written for you. See what Group-IB found inside the criminal #AI ecosystem and what defenders must do next. Download the white paper here: bit.ly/4cnOc4U

A finance worker in Hong Kong joined what looked like a routine video call. His CFO was there. So were several colleagues. He approved a transfer of $25 million. "Every person on that call was a deepfake." In the UK, a CEO wired €220,000 (approximately $243,000) after a cloned voice convincingly posed as his parent company's chief executive. In the UAE, $35 million moved on the strength of forged emails and deepfake audio. Verified deepfake fraud losses reached $347 million in Q2 2025 alone. One quarter. The tools that made this possible are available to anyone, right now, for less than a Netflix subscription. Before your next video call, know what you are up against. See how these attacks are built, step by step, in the Weaponized AI report: bit.ly/4cnOc4U #Deepfake #WeaponizedAI #SocialEngineering #GroupIB