Group-IB Global

✨ We are proud to announce a new strategic partnership between Group-IB and Copy Cat Group, East Africa’s largest systems integrator. The collaboration aims to strengthen cybersecurity resilience for enterprises across Kenya, Uganda, Rwanda, and Ethiopia by combining Group-IB’s predictive threat intelligence and adversary-centric expertise with Copy Cat Group’s deep regional market presence. Through this partnership, Group-IB's Unified Risk Platform will be introduced to the East African market through Copy Cat Group's enterprise ecosystem. The platform integrates predictive threat intelligence, digital risk protection, attack surface management, managed XDR, business email protection, and fraud prevention into a unified architecture enabling organizations to proactively identify and stop threats before they escalate. The partnership was introduced during the Africa CISO Summit in Nairobi, where cybersecurity leaders gathered to discuss the evolving threat landscape in the region. As cybercrime continues to accelerate globally, strong regional partnerships play a critical role in strengthening collective cyber resilience. Read the full announcement: link.group-ib.com/4duIlNe #Cybersecurity #ThreatIntelligence #RiskManagement #DigitalSecurity #CyberDefense #Africa #CyberPartnership

🚨 A new ransomware operation, #TheGentlemen, has emerged following an affiliate split revealing how #threatactors evolve from partners to independent operators while retaining advanced tooling, infrastructure, and access pipelines. Our latest analysis explores how this group is operationalizing large-scale attacks by combining exploited network devices, #credentialharvesting, and advanced defense evasion techniques. Key highlights: 🔹 Maintains an inventory of approximately 14,700 compromised FortiGate devices exploited via CVE-2024-55591, offered to affiliates for initial access. 🔹 Separate from exploited devices, the operators maintain over 900 validated brute-forced FortiGate VPN credentials ready for attack. 🔹 Employs Bring-Your-Own-Vulnerable-Driver (BYOVD) techniques to terminate EDR/AV processes at kernel level. 🔹 Approximately 94 organizations have already been attacked by this threat group. 🔹 Active reconnaissance and exploit development targeting SonicWall VPN, Cisco ASA appliances, and Oracle E-Business Suite (EBS), attempting to replicate the Cl0p Oracle exploitation campaigns observed in 2025. 🔹 Ongoing reverse-engineering of #Babuk, #Qilin, LockBit 5.0, and Medusa ransomware samples to extract and integrate superior encryption routines, obfuscation techniques, and #EDR bypass mechanisms into The Gentlemen codebase. The case highlights how modern #ransomware groups are evolving into efficient, highly automated operations built around scalable access and modular tooling. Read the full technical analysis: link.group-ib.com/41defXc

Your dream job could actually be a scam. ⚠️ Fake job listings are rising across platforms like LinkedIn and Indeed, with scammers using AI, deepfakes, and convincing recruitment tactics to steal personal and financial information. Job scams caused $501 million in losses in 2024. Attempts surged over 1,000% in 2025. In this carousel, learn how these scams work, the red flags to watch for, and how to protect yourself while job hunting. Stay informed. Stay vigilant. #CyberSecurity #ScamAwareness #JobScams #OnlineSafety #GroupIB #RecruitmentScams

Every cybercrime has a face. Supply chain attacks do too, even if they sound abstract. 🔹 Scattered Spider 🔹 Lazarus 🔹 HAFNIUM 🔹 Shai Hulud 🔹 888 🔹 DragonForce These are not just combinations of letters. They are key groups behind supply chain compromises shaping 2026. Read everything you need to know about them: link.group-ib.com/3NapJrk #CyberSecurity #SupplyChainAttack #InfoSec #ThreatActors #CyberThreats #Lazarus

🚨 Supply chain attacks are evolving and a single compromise can impact dozens of organizations. Threat actors exploit trusted vendors, SaaS platforms, open-source dependencies, and compromised identities to move across entire ecosystems. Join our webinar “How One Breach Triggers Many in Supply Chain Attacks” to explore insights from the Group-IB High-Tech Crime Trends 2026 Report. We’ll cover: ✅ Phishing-driven identity compromise ✅ AI-powered social engineering ✅ Ransomware trends ✅ Key threat actors ✅ The 2026 cyber threat forecast Sessions available in multiple languages: 🇬🇧 English — Mar 17 | 15:00–16:00 CET 🇩🇪 German — Mar 25 | 15:00–15:45 CET Register now and stay ahead of the threat landscape: English: link.group-ib.com/4cUBM6B German: link.group-ib.com/4cOSUdU #SupplyChainSecurity #CyberSecurity #Phishing #Ransomware #Webinar #HTCT2026

Some of these campaigns are linked to #Darcula, a Chinese-language Phishing-as-a-Service (PhaaS) platform offering 20,000+ domains and 200+ phishing templates used across 100+ countries. As delivery-themed scams expand into telecom, mobility apps, and bill payments, the use of WebSocket-driven keylogging shows how PhaaS providers are industrializing real-time data theft. Read the full technical analysis: link.group-ib.com/4djRicb

At the technical level, phishing pages embed scripts that establish persistent #WebSocket connections to attacker-controlled servers. This allows real-time keylogging and exfiltration of victim inputs including personal information, card numbers, CVV codes, and OTPs as soon as they are entered. The pages also generate UUID session identifiers, enabling attackers to track each victim session and manage credential harvesting operations at scale. #cyberattack

Fake shipment tracking #scams are rapidly scaling across the #MEA region, exploiting the 161B annual parcel volume that fuels global e-commerce. Attackers use Sender ID spoofing to insert #phishing messages directly into legitimate courier SMS threads, claiming failed deliveries. Victims who click to "update address details" or "pay small fees" are led to pages stealing both credentials and payment data in a two-stage theft process. #ThreatIntel

Te invitamos este webinar exclusivo de Group-IB, basado en el Informe sobre Tendencias en Delitos de Alta Tecnología 2026, donde analizaremos cómo los ataques a la cadena de suministro se han convertido en la fuerza dominante que está redefiniendo el panorama global de ciberamenazas y sus implicaciones para las organizaciones a nivel mundial y en Latinoamérica. ¡No te lo pierdas! 🗓️ Miércoles 8 de Abril ⏰ 10:00 México / 11:00 Colombia, Ecuador, Perú / 12:00 Chile / 13:00 Brasil Durante la sesión descubrirás: 🔹 Por qué los ataques a la cadena de suministro son hoy la principal amenaza global 🔹 Cómo se propagan los compromisos a través de ecosistemas interconectados 🔹 Qué deben priorizar las organizaciones para interrumpir las cadenas de ataque antes de que se produzcan daños 🔗 Regístrese ahora: link.group-ib.com/3P8xw9w #Ciberseguridad #CadenaDeSuministro #DelitosTecnologicos #Webinar #AmenazasGlobales #SeguridadInformática #ProteccionDigital

Group-IB is proud to have supported @INTERPOL_HQ's Operation Synergia III, a global cybercrime operation targeting malicious infrastructure used in phishing, malware, ransomware, and online fraud campaigns. Conducted between July 2025 and January 2026, the international operation brought together law enforcement from 72 countries and territories, resulting in: 🔹 94 arrests (with 110 additional individuals under investigation) 🔹 45,000+ malicious IP addresses and servers taken down 🔹 212 electronic devices and servers linked to cybercriminal activity are seized. During the operation, authorities uncovered several large-scale criminal schemes across multiple regions. In Macau, China, investigators identified more than 33,000 phishing and fraudulent websites impersonating casinos, banks, and government services to steal personal and payment data. In Togo, police dismantled a fraud ring involved in social media account hacking, romance scams, and sextortion. Meanwhile, in Bangladesh, authorities arrested 40 suspects linked to loan scams, job fraud, identity theft, and credit card fraud, seizing more than 130 electronic devices used in the operations. As part of the operation, Group-IB provided threat intelligence on phishing infrastructure and malicious servers used by cybercriminal networks. Leveraging its adversary-centric threat intelligence, the company shared information on phishing domains, hosting infrastructure supporting those campaigns, and servers distributing malware such as infostealers, helping investigators identify and disrupt cybercriminal infrastructure across multiple jurisdictions. Operations like Synergia III demonstrate the critical role of public-private collaboration in dismantling cybercriminal ecosystems and strengthening global cyber resilience. 🔗 Read the full press release: link.group-ib.com/4usLjb2 #ThreatIntelligence #Cybersecurity #LawEnforcement #INTERPOL #Ransomware #Phishing @INTERPOL_Cyber

Digital fraud has evolved into a sophisticated, industrial-scale operation. Behind every fraudulent transaction lies a complex web of mule accounts, coordinated networks, and advanced evasion tactics designed to bypass traditional defenses. In Episode 3 of our Fraud Series, Andrei Loshchev and Maxim Baldakov take a deep dive into the mechanisms powering modern financial crime and uncover how fraudsters are scaling their operations globally. In this episode, we explore: 🔹 The new age of account scams and how fraud operations are becoming increasingly organized 🔹 Evolving fraud evasion tactics used to bypass financial safeguards 🔹 Financial network tracking, including how mule accounts are leveraged to move illicit funds 🔹 The multilayered tactics used by modern fraudsters to orchestrate large-scale digital fraud Understanding how mule networks operate is critical for organizations looking to strengthen their fraud detection and disruption capabilities. Watch the full episode to uncover how today’s digital fraud ecosystem works and what it takes to stay ahead. Spotify: open.spotify.com/episode/0PTww0… Apple Podcasts: podcasts.apple.com/us/podcast/the… YouTube: youtu.be/s6jcU5fyEhs #DigitalFraud #FinancialCrime #FraudPrevention #FraudDetection #CyberSecurity #MuleAccounts #FinancialSecurity #FightAgainstCybercrime #FraudIntel

✨ We are honored to have over 30 journalists from respected media outlets in Seoul, South Korea attend our inaugural High Tech Crime Trends Report 2026 media event. The discussion covered several major trends highlighted in the report, including the increasing role of supply chain attacks in today’s threat landscape. #HTCT2026 #CyberSecurity #SupplyChainSecurity #MediaEvent #InfoSec #Seoul

🎉 We are proud to announce the opening of our first Digital Crime Resistance Center (DCRC) in Santiago, Chile. This marks a strategic milestone in our global growth, reinforcing our commitment to delivering immediate, localized expertise to organizations and government partners across Latin America. The new DCRC integrates our full spectrum of capabilities from threat intelligence and fraud protection to digital forensics and incident response into a unified framework designed for speed and precision. By combining on-the-ground threat research with our global intelligence network, we are moving beyond traditional defense to empower the region with a proactive, adversary-centric approach to fighting digital crime. Read More: link.group-ib.com/4br99LX #Cybersecurity #Chile #DCRC #ThreatIntelligence #IncidentResponse #DigitalForensics

🌙 As we enter the final days of Ramadan, generosity and charitable giving reach their peak and so does scam activity. Our findings reveal how threat actors are exploiting the season through coordinated phishing campaigns, AI-generated deepfakes, and large-scale scam infrastructure designed to harvest personal and financial information. In the week leading up to Ramadan alone, over 6,150 scam and phishing resources were detected, with fraudsters leveraging social media, fake charity campaigns, and “guaranteed reward” offers to manipulate trust and urgency. Our analysis breaks down how these scams operate and the patterns behind them so you know what to watch out for. Swipe through to understand the tactics and learn how to stay safe this Ramadan. Understanding how these campaigns work is critical to preventing exploitation during one of the most trusted and generous times of the year. How to protect yourself this Ramadan 🔹 Pause Before You Click: Avoid clicking links sent via SMS, WhatsApp, or DMs. Treat urgent requests for Zakat or iftar donations with extreme skepticism. 🔹 Verify the Source, Not the Message: Do not trust a message just because it uses a familiar logo. Manually type official URLs into your browser rather than clicking provided links. 🔹 Beware of "Guaranteed Wins": Legitimate contests do not guarantee success for every participant. If a "survey" or "spin-the-wheel" game says you’ve won regardless of your answers, it is a scam. 🔹 Official Channels Only: Donate to charities only through verified government portals or well-known, established organizations. 🔹 Report, Don’t Share: If you encounter a suspicious link, report it to the social media platform and your local cybercrime authority. Never share the link with your contacts. Awareness is the first line of defense. #CyberSecurity #ScamAwareness #Ramadan2026 #Phishing #ThreatIntelligence #OnlineSafety #CyberThreats #GroupIB #FightAgainstCybercrime

🚨Don’t get left behind. Cyber threats are evolving faster than ever, and staying ahead requires understanding how attackers operate today. Join Salah Shalaby on March 31 as he breaks down key insights from the High-Tech Crime Trends Report 2026, including how threat actors are exploiting supply chain vulnerabilities and what security teams must do to stay resilient. This session will equip security professionals with the knowledge needed to anticipate and defend against the next wave of cyber threats. 📅 Date: March 31 ⏰ Time: 11 AM (GMT+3) 🎟 Secure your seat: link.group-ib.com/4r5TXcE #Cybersecurity #CyberThreats #HighTechCrime #ThreatIntelligence #GroupIB #InfoSec #SupplyChainSecurity #HTCT2026 #FightAgainstCybercrime

🔗 Discover Group-IB CSPM: group-ib.com/products/cloud…

#Cloudbreaches rarely start with sophisticated hacking. They start with a misconfiguration. In fact, 96.8% of organizations have cloud misconfigurations across their environments. With companies running workloads across #AWS, #Azure, GCP, and other platforms, security teams are often left managing fragmented visibility, delayed alerts, and compliance checks that become outdated the moment infrastructure changes. That’s where Group-IB Cloud Security Posture Management (CSPM) comes in. 🔹 Unified visibility across multi-cloud environments 🔹 Continuous compliance monitoring 🔹 CI/CD pipeline security 🔹 Threat-aware prioritization with integrated Group-IB Attack Surface Management and Threat Intelligence Instead of just flagging risks, Group-IB #CSPM helps you focus on the exposures attackers are actively targeting right now. 🎥 Watch the video to learn more.

Group-IB was proud to host the 2026 Paris FIRST Technical Colloquium on February 9-10 - bringing together cyber threat intelligence professionals, CERTs, SOC analysts, incident responders, and cyber defense teams from across Europe and beyond. 📽️ Check out some of the moments from the event. Thank you to all who participated! #FIRSTPARIS2026 #CyberSecurity #IncidentResponse #ThreatIntel #ParisEvents #TechColloquium #CERTTeams #FightAgainstCybercrime