Group-IB: Difference between revisions

Browse history interactively ← Previous editContent deleted Content addedVisual WikitextInline

Revision as of 11:11, 23 September 2024 view sourceC.Fred (talk \| contribs)Autopatrolled, Administrators278,311 editsm Reverted edit by 80.227.35.154 (talk) to last version by The wubTags: Rollback Reverted← Previous edit		Latest revision as of 23:00, 15 January 2025 view source MusikBot II (talk \| contribs)Bots, Interface administrators, Administrators104,348 editsm Adding missing protection template (more info)
(32 intermediate revisions by 18 users not shown)
Line 1:		Line 1:
			{{pp\|small=yes}}
			{{Short description\|Russian cybersecurity company}}
	{{Infobox company		{{Infobox company
	\| name = Group-IB		\| name = Group-IB
	\| type = ]		\| type = ]
	\| industry = ~~Cybersecurity~~		\| industry = Cybercrime
	\| founded = ~~2003~~		\| founded = ], ]
	\| key_people = Dmitry Volkov (CEO)		\| key_people = * Dmitry Volkov, CEO Singapore
			* Valery Baulin, CEO Moscow
	\| hq_location = Singapore
			* ], founder and owner (37.5%)
	\| num_locations = Singapore, Netherlands, UAE, Vietnam, Thailand, Uzbekistan, Chile
			\| hq_location_city = ] and ]
⚫	\| area_served = ~~Worldwide~~
			\| num_locations =
	\| products = Threat Intelligence, Fraud Protection, Managed Extended Detection and Response (XDR), Network Traffic Analysis, Sandbox, Endpoint Detection and Response (EDR), Attack Surface Management, Digital Risk Protection, Business Email Protection, Digital Forensics & Incident Response, Cybersecurity Audit & Consulting, Hi-Tech Cyber Crime Investigation, Cyber Education
		⚫	\| area_served =
			\| products =
	\| services =		\| services =
	\| num_employees = ~~300 (March 2024)~~		\| num_employees =
	\| website = ~~{{URL\|~~www.group-ib.com }}		\| website = *
			*
	}}		}}
	'''Group-IB''' is a ] ] company, ~~established~~ in 2003 ~~and headquartered~~ in ]. ~~The~~ ~~company~~ ~~creates~~ ~~cybersecurity~~ ~~technologies~~ to ~~investigate,~~ ~~prevent,~~ and ~~fight~~ ].		'''Group-IB''' is a ] company founded in 2003 in ]. In 2023, it split into two companies with a branch remaining in Moscow branded F.A.C.C.T. Group-IB and a branch in Singapore.

	Group-IB’s Digital Crime Resistance Centers are located in the ], ]<ref>{{Cite web \|last=Asia \|first=Times of Central \|date=2023-12-27 \|title=Group-IB Opens First Digital Crime Resistance Center in Central Asia - The Times Of Central Asia \|url=https://timesca.com/group-ib-opens-first-digital-crime-resistance-center-in-central-asia/ \|access-date=2024-09-20 \|language=en-US}}</ref>, ], and ].<ref>{{Cite web \|last=Page \|first=Carly \|date=2023-11-01 \|title=With its exit from Russia complete, Group-IB plans its US expansion \|url=https://techcrunch.com/2023/11/01/group-ib-united-states-expansion/ \|access-date=2024-09-20 \|website=TechCrunch \|language=en-US}}</ref>

	== History ==		== History ==

	~~Dmitry Volkov, who serves as the company’s CEO, co-founded~~ Group-IB ~~together~~ ~~with~~ ~~his~~ ~~university~~ ~~classmate,~~ ], in ~~2003~~.<ref>{{Cite web \|~~last~~=~~Knowles~~ ~~\|first=Catherine~~ ~~\|date=14 December 2023 \|title=Cybersecurity firm~~ Group-IB ~~tracks~~ ~~major~~ ~~new threat actor GambleForce~~ \|url=https://~~securitybrief~~.~~asia~~/~~story~~/~~cybersecurity~~-~~firm~~-group-ib-~~tracks~~-~~major-new~~-~~threat-actor-gambleforce~~ \|access-date=~~20 September~~ 2024 \|website=~~Security~~ ~~Brief~~ ~~Asia~~}}</ref> ~~Originally~~ ~~founded~~ ~~in Russia~~, ~~the~~ ~~company~~ ~~moved~~ ~~its~~ ~~headquarters~~ to Singapore in ~~2019~~.<ref>{{Cite web \|date=~~2018~~-10-10 \|title=~~Russian cybersecurity firm~~ Group-IB to ~~move~~ ~~global~~ ~~HQ to Singapore~~ \|url=https://~~www.businesstimes~~.com~~.sg~~/~~startups-tech~~/~~technology/russian-cybersecurity-firm-~~group-ib-~~move~~-~~global~~-hq-~~singapore~~ \|access-date=2024-09-20 \|website=~~The Business Times~~ \|language=en}}</ref>		Group-IB was founded in 2003 by ] and Dmitry Volkov in ]. The company moved to Singapore in 2019.<ref>{{Cite web \|title=Russian cyber titan Group-IB makes Singapore home \|url=https://www.channelasia.tech/article/1268752/russian-cyber-titan-group-ib-makes-singapore-home.html \|access-date=2024-03-10 \|website=Channel Asia \|language=en-US}}</ref> In July 2020, it received funding from the ] of Singapore through venture capital firm TNB Ventures.<ref>{{Cite web \|last=Desk \|first=AIT News \|date=2020-07-30 \|title=Group-IB Receives Funding from CSA \|url=https://aithority.com/security/group-ib-receives-funding-from-csa/ \|access-date=2024-03-10 \|website=AiThority \|language=en-US}}</ref>

	In August 2020, Group-IB became one of the nine cybersecurity firms that received a grant<ref>{{Cite news \|first=Irene \|last=Tham \|date=2020-07-30 \|title=9 cyber security firms to receive funding to defend Singapore's critical systems, smart nation projects \|url=https://www.straitstimes.com/tech/nine-cyber-security-firms-to-receive-funding-to-defend-singapores-critical-systems-smart-nation \|access-date=2024-09-20 \|work=The Straits Times \|language=en \|issn=0585-3923}}</ref> from the ] of Singapore and the locally based venture capital firm . In November 2020, Group-IB opened<ref>{{Cite web \|last=Koerkamp \|first=Geert Groot \|date=2020-11-13 \|title=Russische cybercrimebestrijder gaat Nederlandse bedrijven helpen bij het opsporen van computercriminelen \|url=https://www.trouw.nl/buitenland/russische-cybercrimebestrijder-gaat-nederlandse-bedrijven-helpen-bij-het-opsporen-van-computercriminelen~b14e2f14/ \|access-date=2024-09-20 \|website=] \|language=nl}}</ref> its European Headquarters in ], the ]. Seven months later, the company launched its Middle East and Africa operations by setting-up<ref>{{Cite web \|last=Sharma \|first=Alkesh \|title=Singapore’s Group-IB plans to produce local cyber technologies from Dubai \|url=https://www.thenationalnews.com/business/technology/singapore-s-group-ib-plans-to-produce-local-cyber-technologies-from-dubai-1.1233604 \|access-date=2024-09-20 \|website=The National \|language=en}}</ref> a regional HQ in ], the ]. In March 2023, Group-IB announced its plans<ref>{{Cite web \|title=Group-IB to open Digital Crime Resistance Center in Thailand - ET CIO SEA \|url=https://ciosea.economictimes.indiatimes.com/news/security/group-ib-to-open-digital-crime-resistance-center-in-thailand/98680964 \|access-date=2024-09-20 \|website=ETCIO.com \|language=en}}</ref> to open a Digital Crime Resistance Center in ].

	On April 20, 2023, Group-IB finalized<ref>{{Cite web \|last=Marrow \|first=Alexander \|date=April 20, 2023 \|title=Cyber firm Group-IB finalises Russia split to spur global ambitions \|url=https://www.reuters.com/technology/cyber-firm-group-ib-finalises-russia-split-spur-global-ambitions-2023-04-20/ \|access-date=20 September 2024 \|website=Reuters}}</ref> its exit from ] to focus on expanding the global Digital Crime Resistance network<ref>{{Cite web \|title=Group-IB exits Russia to focus exclusively on expanding global Digital Crime Resistance network \|url=https://www.zawya.com/en/press-release/companies-news/group-ib-exits-russia-to-focus-exclusively-on-expanding-global-digital-crime-resistance-network-dr0m0ru4 \|access-date=2024-09-20 \|website=www.zawya.com \|language=en}}</ref>. Dmitry Volkov, co-founder and CEO, sold his stake in Group-IB’s Russia-based business to the company’s local management, while Sachkov had sold his 37.5 percent stake<ref>{{Cite web \|title=Ilya Sachkov withdraws from Group-IB international business, maintains stake in Russian legal entity with changed brand \|url=https://interfax.com/newsroom/top-stories/89822/ \|access-date=2024-09-20 \|website=interfax.com}}</ref> in the Singapore entity to members of top management there.

	== Products ==

	Group-IB's Unified Risk Platform<ref>{{Cite web \|last=Security \|first=Help Net \|date=2022-07-01 \|title=Product showcase: Group-IB Unified Risk Platform \|url=https://www.helpnetsecurity.com/2022/07/01/product-showcase-group-ib-unified-risk-platform/ \|access-date=2024-09-20 \|website=Help Net Security \|language=en-US}}</ref> monitors ] at all times in order to detect advanced attacks and techniques. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB's products and services consolidated in the Unified Risk Platform include Group-IB's ] Managed ] (XDR), Digital Risk Protection, ] Protection, ] Management, Business Email Protection, Audit & Consulting, Education & Training, ] & ], and Cyber Investigations. Group-IB's solutions and services have been recognized by various research agencies such as ], Aite Novarica, ], KuppingerCole Analysts AG, and more.

	Group-IB's ] (CERT-GIB), a private emergency response team that performs threat monitoring across Asia<ref>{{Cite web \|title=Group-IB joins APAC Computer Emergency Response Team \|url=https://www.channelasia.tech/article/1266736/group-ib-joins-apac-computer-emergency-response-team.html \|access-date=2024-09-20 \|website=Channel Asia \|language=en-US}}</ref>, Europe and the Middle East and Africa region, holds the status of an accredited member of Trusted Introducer<ref>{{Cite web \|title=Trusted Introducer : Home \|url=https://www.trusted-introducer.org/index.html \|access-date=2024-09-20 \|website=www.trusted-introducer.org}}</ref>. CERT-GIB is a member of the global Forum of Incident Response and Security Teams (FIRST)<ref>{{Cite web \|title=FIRST - Improving Security Together \|url=https://www.first.org/ \|access-date=2024-09-20 \|website=FIRST — Forum of Incident Response and Security Teams \|language=en}}</ref> and a member of the OIC Computer Emergency Response Team<ref>{{Cite web \|title=OIC-CERT {{!}} Organisation of The Islamic Cooperation - Computer Emergency Response Team \|url=https://www.oic-cert.org/en/commercialmembers.html#.X8dG3WgzY2w \|access-date=2024-09-20 \|website=www.oic-cert.org}}</ref>. CERT-GIB has been a member of the Anti-Phishing Working Group since October 2020<ref>{{Cite web \|title=APWG {{!}} Group-IB enhances data exchange operations by joining Anti-Phishing Working Group \|url=https://apwg.org/group-ib-enhances-data-exchange-operations-by-joining-anti-phishing-working-group/ \|access-date=2024-09-20 \|language=en-US}}</ref> and a corporate partner of the Asia Pacific Computer Emergency Response Team since February 2023<ref>{{Cite web \|title=Member Teams : About APCERT / APCERT \|url=https://www.apcert.org/about/structure/members.html \|access-date=2024-09-20 \|website=www.apcert.org}}</ref>.

	== Investigations with law enforcement ==

	Group-IB has been a private sector partner of ] since 2017<ref>{{Cite web \|last=Olenick \|first=Doug \|date=2017-11-02 \|title=Group IB, INTERPOL sign data exchange agreement \|url=https://www.scmagazine.com/news/group-ib-interpol-sign-data-exchange-agreement \|access-date=2024-09-20 \|website=SC Media \|language=en}}</ref>. In 2015, ] signed<ref>{{Cite web \|title=Europol signs agreement with Group-IB to cooperate in fighting cybercrime \|url=https://www.europol.europa.eu/media-press/newsroom/news/europol-signs-agreement-group-ib-to-cooperate-in-fighting-cybercrime \|access-date=2024-09-20 \|website=Europol \|language=en}}</ref> an agreement with Group-IB to cooperate in fighting cybercrime. Since then, the company has been a member of the Europol ] (EC3) Advisory Group on Internet Security<ref>{{Cite web \|title=EC3 Partners \|url=https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3/ec3-partners \|access-date=2024-09-20 \|website=Europol \|language=en}}</ref>, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners. In 2020 and 2021, Group-IB cooperated with Europol, payment companies and law enforcement authorities involved in the framework of the ] Action - an operation targeting fraudsters selling and purchasing compromised card details on websites selling stolen credit card data, known as card shops<ref>{{Cite web \|title=12 online fraudsters arrested in global operation against counterfeiters \|url=https://www.europol.europa.eu/media-press/newsroom/news/12-online-fraudsters-arrested-in-global-operation-against-counterfeiters \|access-date=2024-09-20 \|website=Europol \|language=en}}</ref>.

	In line with Group-IB's mission of fighting cybercrime<ref>{{Cite web \|last=Ropek \|first=Lucas \|date=2022-08-26 \|title=A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organisations \|url=https://gizmodo.com.au/2022/08/a-massive-hacking-campaign-stole-10000-login-credentials-from-130-different-organisations/ \|access-date=2024-09-20 \|website=Gizmodo Australia \|language=en-AU}}</ref>, the company's cyber investigators regularly support global anti-cybercrime operations such as INTERPOL-led "Night Fury"<ref>{{Cite web \|title=INTERPOL supports arrest of cybercriminals targeting online shopping websites \|url=https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-supports-arrest-of-cybercriminals-targeting-online-shopping-websites \|access-date=2024-09-20 \|website=www.interpol.int \|language=en}}</ref>, "Falcon"<ref>{{Cite web \|title=Three arrested as INTERPOL, Group-IB and the Nigeria Police Force disrupt prolific cybercrime group \|url=https://www.interpol.int/en/News-and-Events/News/2020/Three-arrested-as-INTERPOL-Group-IB-and-the-Nigeria-Police-Force-disrupt-prolific-cybercrime-group \|access-date=2024-09-20 \|website=www.interpol.int \|language=en}}</ref>, "Lyrebird"<ref>{{Cite web \|title=Moroccan police arrest suspected cybercriminal after INTERPOL probe \|url=https://www.interpol.int/News-and-Events/News/2021/Moroccan-police-arrest-suspected-cybercriminal-after-INTERPOL-probe \|access-date=2024-09-20 \|website=www.interpol.int \|language=en}}</ref>, "Delilah"<ref>{{Cite web \|title=Suspected head of cybercrime gang arrested in Nigeria \|url=https://www.interpol.int/News-and-Events/News/2022/Suspected-head-of-cybercrime-gang-arrested-in-Nigeria \|access-date=2024-09-20 \|website=www.interpol.int \|language=en}}</ref>, as well as the operation "Nervone"<ref>{{Cite web \|title=Suspected key figure of notorious cybercrime group arrested in joint operation \|url=https://www.interpol.int/en/News-and-Events/News/2023/Suspected-key-figure-of-notorious-cybercrime-group-arrested-in-joint-operation \|access-date=2024-09-20 \|website=www.interpol.int \|language=en}}</ref> which resulted in the arrest of a suspected senior member of the OPERA1ER hacker group. The group is believed to have stolen as estimated USD 11 million in more than 30 attacks across 15 countries in Africa, Asia and Latin America, according to an overview of OPERA1ER's methods published by Group-IB and ] in November 2022<ref>{{Cite web \|title=Cybercrime Group OPERA1ER Stole $11M From 16 African Businesses \|url=https://www.darkreading.com/cyberattacks-data-breaches/cybercrime-group-opera1er-stole-11m-from-16-african-businesses \|access-date=2024-09-20 \|website=www.darkreading.com \|language=en}}</ref>.

	In November 2021, as part of the operation "No-vax free"<ref>{{Cite web \|title=https://www.gdf.gov.it/it/gdf-comunica/notizie-ed-eventi/comunicati-stampa/anno-2021/novembre/operazione-oo-vax-free-sgominata-la-banda-dei-green-pass \|url=https://www.gdf.gov.it/it/gdf-comunica/notizie-ed-eventi/comunicati-stampa/anno-2021/novembre/operazione-oo-vax-free-sgominata-la-banda-dei-green-pass \|access-date=2024-09-20 \|website=www.gdf.gov.it \|language=en}}</ref>, Group-IB helped<ref>{{Cite web \|title=Telegram channel admins who sold fake vaccine cards arrested \|url=https://www.bleepingcomputer.com/news/legal/telegram-channel-admins-who-sold-fake-vaccine-cards-arrested/ \|access-date=2024-09-20 \|website=BleepingComputer \|language=en-us}}</ref> ] (GdF), the Italian ] agency, in the probe into activities of the criminal organization which trafficked fake ], documents issued for vaccinated Italian citizens and those tested negative or recently recovered from ] via ] messenger. In July 2022, Group-IB assisted the ] in the operation to apprehend alleged members of a cybercriminal phishing group named "Fraud Family"<ref>{{Cite web \|last=Starks \|first=Tim \|date=2021-07-23 \|title=Dutch police bust alleged 'Fraud Family' phishing service members \|url=https://cyberscoop.com/dutch-police-fraud-family-group-ib-phishing-fraud-as-a-service/ \|access-date=2024-09-20 \|website=CyberScoop \|language=en-US}}</ref>.

	== Research ==

	In 2017, Group-IB's Threat Intelligence team published a that provided further evidence of the links<ref>{{Cite web \|last=Leyden \|first=John \|date=30 May 2017 \|title=NORK spy agency blamed for Bangladesh cyberheist, Sony Pictures hack \|url=https://www.theregister.com/2017/05/30/nork_spy_agency_lazarus_group_attribution/ \|access-date=20 September 2024 \|website=The Register}}</ref> between the ] hacking group and ], a ] ] agency. In September 2018, Group-IB published a on a previously unknown Silence hacking group<ref>{{Cite web \|last=Leyden \|first=John \|date=5 September 2018 \|title=Silence! Cybercrime's Pinky and the Brain have nicked $800k off banks \|url=https://www.theregister.com/2018/09/05/silence_cybercrooks/ \|access-date=20 September 2024 \|website=The Register}}</ref> linked to the theft of at least $800,000<ref>{{Cite web \|title=New Silence hacking group suspected of having ties to cyber-security industry \|url=https://www.zdnet.com/article/new-silence-hacking-group-suspected-of-having-ties-to-cyber-security-industry/ \|access-date=2024-09-20 \|website=ZDNET \|language=en}}</ref> from Russian and Eastern European financial institutions. In a follow-up report titled “Silence 2.0: Going Global” from August 2019, Group-IB said the geography of the group’s attacks had shifted and estimated the resulting damage to be $4.2 million<ref>{{Cite web \|title=Silence Advanced Hackers Attack Banks All Over the World \|url=https://www.bleepingcomputer.com/news/security/silence-advanced-hackers-attack-banks-all-over-the-world/ \|access-date=2024-09-20 \|website=BleepingComputer \|language=en-us}}</ref>.

	On August 25, 2022, 18 days after ], a communication solutions provider, claimed it had suffered a data breach<ref>{{Cite web \|last=Page \|first=Carly \|date=2022-08-08 \|title=Twilio hacked by phishing campaign \|url=https://techcrunch.com/2022/08/08/twilio-breach-customer-data/ \|access-date=2024-09-20 \|website=TechCrunch \|language=en-US}}</ref> following a phishing campaign<ref>{{Cite web \|last=Roth \|first=Emma \|date=2022-08-08 \|title=Twilio suffers data breach after its employees were targeted by a phishing campaign \|url=https://www.theverge.com/2022/8/8/23296923/twilio-data-breach-phishing-campaign-employees-targeted \|access-date=2024-09-20 \|website=The Verge \|language=en}}</ref>. Group-IB researchers uncovered that the attack on Twilio was part of a wider campaign by a hacker group they codenamed "0ktapus"<ref>{{Cite web \|last=Page \|first=Carly \|date=2022-08-25 \|title=Twilio hackers breached more than 130 organizations \|url=https://techcrunch.com/2022/08/25/twilio-hackers-group-ib/ \|access-date=2024-09-20 \|website=TechCrunch \|language=en-US}}</ref>. According to Group-IB, 0ktapus compromised more than 130 organizations during their hacking spree and stole login credentials belonging to nearly 10,000 individuals, mimicking the popular single sign-on service ]<ref>{{Cite web \|last=Weatherbed \|first=Jess \|date=2022-08-26 \|title=A huge phishing campaign has targeted over 130 companies, affecting Twilio and Signal \|url=https://www.theverge.com/2022/8/26/23323036/phishing-scam-campaign-twilio-hack-companies \|access-date=2024-09-20 \|website=The Verge \|language=en}}</ref>.

			In September 2021, Ilya Sachkov, its co-founder and CEO, was detained by Russian authorities for treason.<ref>{{Cite news \|date=2021-09-29 \|title=Russia detains cyber-security tycoon Ilya Sachkov in treason case \|url=https://www.bbc.com/news/world-europe-58738952 \|access-date=2024-03-10 \|language=en-GB}}</ref> He was sentenced to 14 years in prison.<ref>{{Cite web \|title=Russian cybersecurity chief jailed for 14 years for treason \|url=https://www.aljazeera.com/news/2023/7/26/russian-cybersecurity-chief-jailed-for-14-years-on-treason \|access-date=2024-03-10 \|website=Al Jazeera \|language=en}}</ref> The Russian and international business were later split with the business sold in April 2023 to Russian management to be branded FACCT.<ref name=":0">{{Cite news \|date=July 6, 2022 \|title=Cyber firm Group-IB to split Russian, international businesses \|url=https://www.reuters.com/technology/russian-cyber-firm-group-ib-split-russian-international-businesses-2022-07-06/ \|work=Reuters}}</ref><ref>{{Cite news \|last=Marrow \|first=Alexander \|date=April 20, 2023 \|title=Cyber firm Group-IB finalizes Russia split to spur global ambitions \|url=https://www.reuters.com/technology/cyber-firm-group-ib-finalises-russia-split-spur-global-ambitions-2023-04-20/ \|work=Reuters}}</ref> FACCT would market Group-IB products and services while being a separate entity allowing Group-IB to not directly have a presence.<ref>https://www.theregister.com/2023/06/29/russian_facct_employee_extradiation/</ref> Ilya Sachkov maintains his involvement in the Russian business.<ref>{{Cite web \|title=F.A.S.S.T. created the Cybersecurity Center \|url=https://tadviser.com/index.php/Company:F.A.C.C.T._(formerly_Group-IB_in_Russia)#Kazakhstan_extradites_F.A.C.C.T._employee_accused_of_hacking_company.27s_IT_systems_to_Russia \|access-date=2024-11-21 \|website=TAdviser.ru}}</ref>
	In January 2023, the company's Threat Intelligence team uncovered a newly identified ] actor "Dark Pink"<ref>{{Cite news \|date=2023-01-11 \|title=Suspected State Hackers Stole Military Data From Asian Countries \|url=https://www.bloomberg.com/news/articles/2023-01-11/suspected-state-hackers-stole-military-data-from-asian-countries?embedded-checkout=true \|access-date=2024-09-20 \|work=Bloomberg.com \|language=en}}</ref>. Dark Pink, suspected to be linked to an Asian government, breached seven high-profile targets in Southeast Asia and Europe, including government and military agencies, according to Group-IB. On May 31, 2023, Dark Pink broadened its targets to government agencies in countries including Indonesia and Thailand, carrying out cyber-espionage as recently as April 2023, Group-IB said<ref>{{Cite news \|date=2023-05-31 \|title=Suspected State-Backed Hackers Hit More Nations as Threat Grows \|url=https://www.bloomberg.com/news/articles/2023-05-31/suspected-state-backed-hackers-dark-pink-hit-more-governments?embedded-checkout=true \|access-date=2024-09-20 \|work=Bloomberg.com \|language=en}}</ref>.

			In 2023, the company split with a headquarters in Singapore and in Moscow.<ref name=":0" /> In December 2023, the Moscow office discovered that a hacking group was targeting Russian companies with a ] ].<ref>{{Cite web \|title=Cyber-espionage group Cloud Atlas targets Russian companies with war-related phishing attacks \|url=https://therecord.media/cloud-atlas-targets-russian-orgs-war-phishing \|access-date=2024-11-21 \|website=therecord.media \|language=en}}</ref>
	In August 2023, Group-IB discovered the ], which affected the processing of the ] file format by ]<ref>{{Cite web \|last=Page \|first=Carly \|date=2023-08-23 \|title=Hackers exploit WinRAR zero-day bug to steal funds from broker accounts \|url=https://techcrunch.com/2023/08/23/winrar-zero-day-funds-brokers/ \|access-date=2024-09-20 \|website=TechCrunch \|language=en-US}}</ref>. Group-IB said hackers have been exploiting this vulnerability since April 2023 to spread malicious ZIP archives on trading forums<ref>{{Cite web \|title=Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts \|url=https://www.darkreading.com/cyberattacks-data-breaches/threat-actor-exploits-zero-day-in-winrar-to-target-crypto-accounts \|access-date=2024-09-20 \|website=www.darkreading.com \|language=en}}</ref>. ]-2023-38831 was assigned a severity score of 7.8<ref>{{Cite web \|title=CVE Website \|url=https://www.cve.org/CVERecord?id=CVE-2023-38831 \|access-date=2024-09-20 \|website=www.cve.org}}</ref>.

	== References ==		== References ==
Line 55:		Line 34:
	]		]
	]		]
	]		]

Latest revision as of 23:00, 15 January 2025

Russian cybersecurity company

Group-IB
Company type	Private
Industry	Cybercrime
Founded	Moscow, Russia
Headquarters	Moscow and Singapore
Key people	Dmitry Volkov, CEO Singapore Valery Baulin, CEO Moscow Ilya Sachkov, founder and owner (37.5%)
Website	Singapore Website Russia Website

Group-IB is a cybersecurity company founded in 2003 in Moscow. In 2023, it split into two companies with a branch remaining in Moscow branded F.A.C.C.T. Group-IB and a branch in Singapore.

History

Group-IB was founded in 2003 by Ilya Sachkov and Dmitry Volkov in Russia. The company moved to Singapore in 2019. In July 2020, it received funding from the Cyber Security Agency of Singapore through venture capital firm TNB Ventures.

In September 2021, Ilya Sachkov, its co-founder and CEO, was detained by Russian authorities for treason. He was sentenced to 14 years in prison. The Russian and international business were later split with the business sold in April 2023 to Russian management to be branded FACCT. FACCT would market Group-IB products and services while being a separate entity allowing Group-IB to not directly have a presence. Ilya Sachkov maintains his involvement in the Russian business.

In 2023, the company split with a headquarters in Singapore and in Moscow. In December 2023, the Moscow office discovered that a hacking group was targeting Russian companies with a war-related phishing attack.

References

"Russian cyber titan Group-IB makes Singapore home". Channel Asia. Retrieved 2024-03-10.
Desk, AIT News (2020-07-30). "Group-IB Receives Funding from CSA". AiThority. Retrieved 2024-03-10. {{cite web}}: |last= has generic name (help)
"Russia detains cyber-security tycoon Ilya Sachkov in treason case". 2021-09-29. Retrieved 2024-03-10.
"Russian cybersecurity chief jailed for 14 years for treason". Al Jazeera. Retrieved 2024-03-10.
^ "Cyber firm Group-IB to split Russian, international businesses". Reuters. July 6, 2022.
Marrow, Alexander (April 20, 2023). "Cyber firm Group-IB finalizes Russia split to spur global ambitions". Reuters.
https://www.theregister.com/2023/06/29/russian_facct_employee_extradiation/
"F.A.S.S.T. created the Cybersecurity Center". TAdviser.ru. Retrieved 2024-11-21.
"Cyber-espionage group Cloud Atlas targets Russian companies with war-related phishing attacks". therecord.media. Retrieved 2024-11-21.

Categories: