Group-IB

A cybercrime investigation rarely ends with a single arrest. It starts with fragments of evidence, spans multiple jurisdictions, and depends on defenders working together across borders to turn intelligence into action. In Episode 1 of Season 2 of MaskedActors, Gary Ruddell sits down with Craig Jones, Independent Strategic Advisor at Group-IB, to explore the realities of international cybercrime investigations and the people behind them. Drawing on decades of experience in cyber defence and law enforcement, Craig shares what it takes to coordinate global operations, disrupt criminal networks, and protect communities from digital threats. Because behind every headline-making takedown is a network of defenders making it possible. 🎧 Hear the stories behind international cybercrime investigations. Stream Episode 1 on Spotify: https://ow.ly/jMnn50ZhqCt Apple Podcasts: https://ow.ly/6cpy50ZhqCs #MaskedActors #Cybersecurity #CyberCrime #Defenders #ThreatIntelligence #Podcast #FightAgainstCybercrime

A RAT rewritten. A threat multiplied. Group-IB researchers have uncovered the latest evolution of Millenium RAT, which has shifted from .NET to native C++, removing framework dependencies while continuing to abuse Telegram Bot API for command and control. Key findings from the investigation: 🔹 Over 62,000 compromised endpoints identified across 160+ countries (top targets: India, US & Brazil), with more than 39,000 infections recorded in Q1 2026 alone. 🔹 Millenium RAT (v4.x) introduces a native C++ architecture and relies entirely on standard Windows API calls. Its config is obfuscated via Base64 + custom XOR within an embedded PE resource. 🔹 The malware is offered as Malware-as-a-Service, with subscriptions starting at just $50, lowering the barrier to entry for threat actors. 🔹 Utilizing Telegram Bot API enables resilient infrastructure while supporting credential theft, keylogging, browser data extraction, webcam/audio capture, payload delivery, and ransomware capabilities. Our latest technical analysis also profiles the developer "ShinyEnigma" and cluster “Y2K Operators”, examines the malware's configuration and command structure, and tracks the campaigns driving its global spread. Read the full analysis: https://lnkd.in/g8qK73de #ThreatIntelligence #MalwareAnalysis #CyberThreats #ThreatResearch #InfoSec #FightAgainstCybercrime

What an incredible two days in Istanbul! 🇹🇷 Group-IB was proud to host "The New Era of Cyber Warfare & AI-Driven Fraud," bringing together C-level executives from the banking, government, e-commerce, telecommunications, and other key industries across Egypt, Jordan, Qatar, Morocco, and Libya. The event featured high-level strategic discussions on the evolving cyber threat landscape, AI-driven fraud, digital resilience, and the importance of intelligence-led cybersecurity. Beyond the sessions, it was a great opportunity to exchange ideas, strengthen partnerships, and build meaningful connections with industry leaders from across the region. A big thank you to all our customers, speakers, partners, and the Group-IB team for making this event a great success. We look forward to continuing these conversations and working together to stay ahead of emerging cyber threats. #GroupIB #CyberSecurity #AIFraud #ThreatIntelligence #DigitalResilience #FinancialCrime #Istanbul #Leadership #FightAgainstCybercrime

Every major sporting event attracts fans. It also attracts fraudsters. Ahead of the world's biggest football tournament, Group-IB researchers uncovered six distinct fraud schemes, identified four independent threat actors, and detected more than 4,300 fraudulent domains impersonating official tournament-related web properties. Join Gary Ruddell as he hosts Yuan Huang, Global Fraud Intelligence Lead at Group-IB, for a fireside chat as they unpack how cybercriminals are exploiting football's biggest stage, the tactics they use to deceive fans, and what organizations and consumers can do to stay protected. 📅 Tuesday, 30 June 2026 ⏰ 09:15 UK time Register here: https://lnkd.in/gb27AkmR #CyberSecurity #FraudPrevention #CyberCrime #ThreatIntelligence #FraudDetection #OnlineSafety #FightAgainstCybercrime

Security leaders are under pressure to prove they're prepared for a cyber crisis. But Most organisations can barely find time to prepare for the next audit, let alone simulate a ransomware attack, validate regulatory reporting processes, review incident response playbooks, conduct threat hunting, and train teams for a crisis that may/ may not happen. So preparedness often becomes a checkbox exercise. The plan exists. The boxes are ticked. Until an incident happens. And suddenly the questions become very real: 🔹 Who is leading the response? 🔹 Can external responders engage immediately? 🔹 Has this process ever been tested in the current environment? 🔹 Do legal, risk, communications, and security teams know exactly what happens next? The uncomfortable reality is that many organisations don't have a preparedness problem. They have a capacity problem. Our latest blog explores 7 signals that indicate response readiness may be falling behind today's threat realities, and what security leaders can do to close the gap. Read more: https://lnkd.in/g6r36HPB #CyberSecurity #IncidentResponse #Ransomware #RiskManagement #SecurityAwareness #Compliance #FightAgainstCybercrime

🎭 Behind every major cyberattack is an adversary constantly evolving. Today, Group-IB unveils its Top 10 Masked Actors of 2026, a definitive ranking of the cybercriminal groups shaping the future of digital crime. Based on insights from more than 1,550 frontline investigations and extensive monitoring of the criminal underground, the report reveals how cybercrime has entered a new era where: 🔹 Supply chain compromise has become the ultimate force multiplier 🔹 Phishing-as-a-Service platforms are industrializing credential theft 🔹 State-backed and financially motivated actors are evolving at unprecedented speed 🔹 Commercialized attack ecosystems are lowering the barrier to entry for cybercriminals From Scattered Spider and Lazarus to emerging actors like DarkBlinders, the ranking goes beyond who these actors are. It explains why they matter and how their tactics are reshaping the threat landscape. Understanding adversaries is no longer optional. Predicting how they evolve is essential. Explore the Top 10 Masked Actors of 2026: https://lnkd.in/gQKBMhs4 #CyberSecurity #ThreatIntelligence #Cybercrime #MaskedActors #SupplyChainSecurity #Phishing #DigitalCrime #GroupIB

💫 Group-IB is proud to have participated in the ASEANAPOL Scam Combatting Operational Training Curriculum Development Workshop held at the Jakarta Centre for Law Enforcement Cooperation (JCLEC), Semarang, Indonesia, from 15 to 17 June 2026. The workshop brought together law enforcement practitioners from Thailand, Singapore, Indonesia, Brunei Darussalam, and Malaysia, alongside private sector representatives, to strengthen ASEAN's collective response to cross-border online scams. During the event, Group-IB's Vesta Matveeva, Head of Strategic Cybercrime Investigations, contributed to the workshop by sharing technologies for network intelligence mapping, investigation approaches, and Group-IB's Cyber Fraud Intelligence Platform (CFIP) as an example of a secure and transparent platform for intelligence exchange. Group-IB supports the important initiative led by ASEANAPOL SECRETARIAT to strengthen cross-border cooperation among anti-scam units and reduce the impact of online fraud across the ASEAN region. This effort closely aligns with our mission to fight against cybercrime and create a safer digital world. By bringing together law enforcement agencies, investigators, and industry experts, we can strengthen operational capabilities, enhance intelligence sharing, and improve our collective ability to disrupt transnational scam networks. As online scams continue to grow in scale and sophistication, collaboration between public and private sectors has never been more critical. Through initiatives like ASEANAPOL Scam Combat TaskForce (ASCOT), we can enhance operational capabilities, facilitate intelligence sharing, and build a stronger collective defense against cyber-enabled crime. Together with ASEANAPOL, Group-IB remains committed to advancing a safer digital environment and supporting efforts to combat online scams across ASEAN. #GroupIB #ASEANAPOL #ASCOT #Cybercrime #OnlineScams #FraudPrevention #Cybersecurity #ThreatIntelligence

You think you know who's behind the world's most devastating cyberattacks. But names are only the beginning. This season, Masked Actors returns with stories that go beyond the headlines, uncovering the operations, motivations, and real-world impact of the threats shaping today's digital landscape. Hear from the researchers, investigators, journalists, and reformed hackers who spend their days tracking the actors most people never see. From attacks that began with a single phone call or trusted email to schemes that stole hundreds of thousands through everyday transactions, these stories aren't hypothetical. They're happening now. 🎙️ Masked Actors: Season Two Coming soon. #MaskedActors #Cybercrime #ThreatIntelligence #CyberSecurity #DigitalCrime #ThreatResearch #Podcast #FightAgainstCybercrime

🚨 Criminal networks are increasingly weaponizing subscription-based content platforms to recruit, coerce, and exploit vulnerable people. The scale is larger than many realize. Group-IB contributed intelligence support to Operation CyberProtect III (19–22 May 2026), a joint law enforcement operation co-organized by INTERPOL and the OSCE, targeting the growing exploitation of subscription-based content platforms to facilitate human trafficking and sexual exploitation. Using its Threat Intelligence Graph and analyst expertise, Group-IB helped investigators map criminal infrastructure, identify recruitment channels, trace financial flows, and uncover additional potential threat actor infrastructure. Key findings from the operation: 🔹 Recruiters using encrypted messaging platforms to target victims, including requests for nude images without age verification 🔹 Content producers being bought and sold, with one messaging group containing up to 28,000 advertisements 🔹 AI-generated fake profiles used to support and scale exploitation operations 🔹 Cryptocurrency and virtual currencies used as payment mechanisms, with rates as low as USD 3 for 25 minutes of private content This is what adversary-centric intelligence looks like in practice: tracing the infrastructure, recruitment channels, and financial flows criminal networks rely on, so investigators can act on verified intelligence and disrupt exploitation. Read the full press release: https://lnkd.in/giMsBX8u #CyberSecurity #LawEnforcement #OnlineExploitation #ThreatIntelligence #INTERPOL #HumanTrafficking #FightAgainstCybercrime

From 9 to 11 June 2026, Asdrúbal Veloz Fariñas, Group-IB’s representative in Latin America, participated in an INTERPOL’s coordination meeting, held in Lima, Peru. The international initiative brought together law enforcement agencies from across the Americas to strengthen cooperation against cybercriminal groups and related cyber-enabled crimes. During the event, participants exchanged intelligence, investigative best practices, and insights on emerging threats affecting multiple jurisdictions. As part of the program, Asdrúbal delivered a knowledge-sharing session on cybercrime investigations using Group-IB’s Threat Intelligence Platform and Graph. The session highlighted investigative methodologies, intelligence-driven approaches, and the role of public-private collaboration in supporting law enforcement efforts. Group-IB is grateful to INTERPOL for the opportunity to contribute to the event and discuss the challenges of cybercrime investigations with participating agencies. #CyberSecurity #ThreatIntelligence #LawEnforcement #INTERPOL #FightAgainstCybercrime