
Group-IB: Difference between revisions

Revision as of 11:15, 23 September 2024 by 80.227.35.154 (talk). No edit summary. Tag: Reverted
Revision as of 11:16, 23 September 2024 by C.Fred (talk | contribs; Autopatrolled, Administrators; 278,311 edits). Edit summary: Restored revision 1247226468 by C.Fred (talk): This admin does not see an obvious COI or other problems with edits; please discuss on talk page and get consensus. Tags: Twinkle, Undo, Reverted
Line 3, previous revision:
| type = ]
| industry = Cybersecurity
| founded = ], ]
| key_people = Dmitry Volkov (CEO)
| num_locations =
| area_served =
| products =
| services =
| num_employees =
| website =
}}

Line 3, this revision:
| type = Private
| industry = Cybersecurity
| founded = 2003
| key_people = Dmitry Volkov (CEO)
| hq_location = Singapore
| num_locations = Singapore, Netherlands, UAE, Vietnam, Thailand, Uzbekistan, Chile
| area_served = Worldwide
| products = Threat Intelligence, Fraud Protection, Managed Extended Detection and Response (XDR), Network Traffic Analysis, Sandbox, Endpoint Detection and Response (EDR), Attack Surface Management, Digital Risk Protection, Business Email Protection, Digital Forensics & Incident Response, Cybersecurity Audit & Consulting, Hi-Tech Cyber Crime Investigation, Cyber Education
| services =
| num_employees = 300 (March 2024)
| website = {{URL|www.group-ib.com}}
}}
Previous revision: '''Group-IB''' is a Russian ] company.
This revision: '''Group-IB''' is a privately held cybersecurity company, established in 2003 and headquartered in Singapore. The company creates cybersecurity technologies to investigate, prevent, and fight cybercrime.

Group-IB’s Digital Crime Resistance Centers are located in the Asia-Pacific, Central Asia<ref>{{Cite web |last=Asia |first=Times of Central |date=2023-12-27 |title=Group-IB Opens First Digital Crime Resistance Center in Central Asia - The Times Of Central Asia |url=https://timesca.com/group-ib-opens-first-digital-crime-resistance-center-in-central-asia/ |access-date=2024-09-20 |language=en-US}}</ref>, Middle East, and Europe.<ref>{{Cite web |last=Page |first=Carly |date=2023-11-01 |title=With its exit from Russia complete, Group-IB plans its US expansion |url=https://techcrunch.com/2023/11/01/group-ib-united-states-expansion/ |access-date=2024-09-20 |website=TechCrunch |language=en-US}}</ref>


== History ==


Previous revision: Group-IB was founded in 2003 by ] and Dmitry Volkov in Moscow, ]. The company moved to Singapore in 2019.<ref>{{Cite web |title=Russian cyber titan Group-IB makes Singapore home |url=https://www.channelasia.tech/article/1268752/russian-cyber-titan-group-ib-makes-singapore-home.html |access-date=2024-03-10 |website=Channel Asia |language=en-US}}</ref> In July 2020, it received funding from the ] of Singapore through venture capital firm TNB Ventures.<ref>{{Cite web |last=Desk |first=AIT News |date=2020-07-30 |title=Group-IB Receives Funding from CSA |url=https://aithority.com/security/group-ib-receives-funding-from-csa/ |access-date=2024-03-10 |website=AiThority |language=en-US}}</ref>
This revision: Dmitry Volkov, who serves as the company’s CEO, co-founded Group-IB together with his university classmate, Ilya Sachkov, in 2003.<ref>{{Cite web |last=Knowles |first=Catherine |date=14 December 2023 |title=Cybersecurity firm Group-IB tracks major new threat actor GambleForce |url=https://securitybrief.asia/story/cybersecurity-firm-group-ib-tracks-major-new-threat-actor-gambleforce |access-date=20 September 2024 |website=Security Brief Asia}}</ref> Originally founded in Russia, the company moved its headquarters to Singapore in 2019.<ref>{{Cite web |date=2018-10-10 |title=Russian cybersecurity firm Group-IB to move global HQ to Singapore |url=https://www.businesstimes.com.sg/startups-tech/technology/russian-cybersecurity-firm-group-ib-move-global-hq-singapore |access-date=2024-09-20 |website=The Business Times |language=en}}</ref>

In August 2020, Group-IB became one of the nine cybersecurity firms that received a grant<ref>{{Cite news |first=Irene |last=Tham |date=2020-07-30 |title=9 cyber security firms to receive funding to defend Singapore's critical systems, smart nation projects |url=https://www.straitstimes.com/tech/nine-cyber-security-firms-to-receive-funding-to-defend-singapores-critical-systems-smart-nation |access-date=2024-09-20 |work=The Straits Times |language=en |issn=0585-3923}}</ref> from the Cyber Security Agency of Singapore and the locally based venture capital firm TNB Ventures. In November 2020, Group-IB opened<ref>{{Cite web |last=Koerkamp |first=Geert Groot |date=2020-11-13 |title=Russische cybercrimebestrijder gaat Nederlandse bedrijven helpen bij het opsporen van computercriminelen |url=https://www.trouw.nl/buitenland/russische-cybercrimebestrijder-gaat-nederlandse-bedrijven-helpen-bij-het-opsporen-van-computercriminelen~b14e2f14/ |access-date=2024-09-20 |website=Trouw |language=nl}}</ref> its European Headquarters in Amsterdam, the Netherlands. Seven months later, the company launched its Middle East and Africa operations by setting up<ref>{{Cite web |last=Sharma |first=Alkesh |title=Singapore’s Group-IB plans to produce local cyber technologies from Dubai |url=https://www.thenationalnews.com/business/technology/singapore-s-group-ib-plans-to-produce-local-cyber-technologies-from-dubai-1.1233604 |access-date=2024-09-20 |website=The National |language=en}}</ref> a regional HQ in Dubai, the UAE. In March 2023, Group-IB announced its plans<ref>{{Cite web |title=Group-IB to open Digital Crime Resistance Center in Thailand - ET CIO SEA |url=https://ciosea.economictimes.indiatimes.com/news/security/group-ib-to-open-digital-crime-resistance-center-in-thailand/98680964 |access-date=2024-09-20 |website=ETCIO.com |language=en}}</ref> to open a Digital Crime Resistance Center in Thailand.

On April 20, 2023, Group-IB finalized<ref>{{Cite web |last=Marrow |first=Alexander |date=April 20, 2023 |title=Cyber firm Group-IB finalises Russia split to spur global ambitions |url=https://www.reuters.com/technology/cyber-firm-group-ib-finalises-russia-split-spur-global-ambitions-2023-04-20/ |access-date=20 September 2024 |website=Reuters}}</ref> its exit from ] to focus on expanding the global Digital Crime Resistance network<ref>{{Cite web |title=Group-IB exits Russia to focus exclusively on expanding global Digital Crime Resistance network |url=https://www.zawya.com/en/press-release/companies-news/group-ib-exits-russia-to-focus-exclusively-on-expanding-global-digital-crime-resistance-network-dr0m0ru4 |access-date=2024-09-20 |website=www.zawya.com |language=en}}</ref>. Dmitry Volkov, co-founder and CEO, sold his stake in Group-IB’s Russia-based business to the company’s local management, while Sachkov had sold his 37.5 percent stake<ref>{{Cite web |title=Ilya Sachkov withdraws from Group-IB international business, maintains stake in Russian legal entity with changed brand |url=https://interfax.com/newsroom/top-stories/89822/ |access-date=2024-09-20 |website=interfax.com}}</ref> in the Singapore entity to members of top management there.

== Products ==

Group-IB's Unified Risk Platform<ref>{{Cite web |last=Security |first=Help Net |date=2022-07-01 |title=Product showcase: Group-IB Unified Risk Platform |url=https://www.helpnetsecurity.com/2022/07/01/product-showcase-group-ib-unified-risk-platform/ |access-date=2024-09-20 |website=Help Net Security |language=en-US}}</ref> continuously monitors threat actors in order to detect advanced attacks and techniques. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB's products and services consolidated in the Unified Risk Platform include Group-IB's Threat Intelligence, Managed Extended Detection and Response (XDR), Digital Risk Protection, Fraud Protection, Attack Surface Management, Business Email Protection, Audit & Consulting, Education & Training, Digital Forensics & Incident Response, and Cyber Investigations. Group-IB's solutions and services have been recognized by research agencies such as Gartner, Aite Novarica, Frost & Sullivan, and KuppingerCole Analysts AG.

Group-IB's Computer Emergency Response Team (CERT-GIB), a private emergency response team that performs threat monitoring across Asia<ref>{{Cite web |title=Group-IB joins APAC Computer Emergency Response Team |url=https://www.channelasia.tech/article/1266736/group-ib-joins-apac-computer-emergency-response-team.html |access-date=2024-09-20 |website=Channel Asia |language=en-US}}</ref>, Europe and the Middle East and Africa region, holds the status of an accredited member of Trusted Introducer<ref>{{Cite web |title=Trusted Introducer : Home |url=https://www.trusted-introducer.org/index.html |access-date=2024-09-20 |website=www.trusted-introducer.org}}</ref>. CERT-GIB is a member of the global Forum of Incident Response and Security Teams (FIRST)<ref>{{Cite web |title=FIRST - Improving Security Together |url=https://www.first.org/ |access-date=2024-09-20 |website=FIRST — Forum of Incident Response and Security Teams |language=en}}</ref> and a member of the OIC Computer Emergency Response Team<ref>{{Cite web |title=OIC-CERT {{!}} Organisation of The Islamic Cooperation - Computer Emergency Response Team |url=https://www.oic-cert.org/en/commercialmembers.html#.X8dG3WgzY2w |access-date=2024-09-20 |website=www.oic-cert.org}}</ref>. CERT-GIB has been a member of the Anti-Phishing Working Group since October 2020<ref>{{Cite web |title=APWG {{!}} Group-IB enhances data exchange operations by joining Anti-Phishing Working Group |url=https://apwg.org/group-ib-enhances-data-exchange-operations-by-joining-anti-phishing-working-group/ |access-date=2024-09-20 |language=en-US}}</ref> and a corporate partner of the Asia Pacific Computer Emergency Response Team since February 2023<ref>{{Cite web |title=Member Teams : About APCERT / APCERT |url=https://www.apcert.org/about/structure/members.html |access-date=2024-09-20 |website=www.apcert.org}}</ref>.

== Investigations with law enforcement ==

Group-IB has been a private sector partner of INTERPOL since 2017<ref>{{Cite web |last=Olenick |first=Doug |date=2017-11-02 |title=Group IB, INTERPOL sign data exchange agreement |url=https://www.scmagazine.com/news/group-ib-interpol-sign-data-exchange-agreement |access-date=2024-09-20 |website=SC Media |language=en}}</ref>. In 2015, Europol signed<ref>{{Cite web |title=Europol signs agreement with Group-IB to cooperate in fighting cybercrime |url=https://www.europol.europa.eu/media-press/newsroom/news/europol-signs-agreement-group-ib-to-cooperate-in-fighting-cybercrime |access-date=2024-09-20 |website=Europol |language=en}}</ref> an agreement with Group-IB to cooperate in fighting cybercrime. Since then, the company has been a member of the Europol European Cybercrime Centre (EC3) Advisory Group on Internet Security<ref>{{Cite web |title=EC3 Partners |url=https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3/ec3-partners |access-date=2024-09-20 |website=Europol |language=en}}</ref>, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners. In 2020 and 2021, Group-IB cooperated with Europol, payment companies and law enforcement authorities within the framework of the Carding Action, an operation targeting fraudsters who sold and purchased compromised card details on websites dealing in stolen credit card data, known as card shops<ref>{{Cite web |title=12 online fraudsters arrested in global operation against counterfeiters |url=https://www.europol.europa.eu/media-press/newsroom/news/12-online-fraudsters-arrested-in-global-operation-against-counterfeiters |access-date=2024-09-20 |website=Europol |language=en}}</ref>.

In line with Group-IB's mission of fighting cybercrime<ref>{{Cite web |last=Ropek |first=Lucas |date=2022-08-26 |title=A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organisations |url=https://gizmodo.com.au/2022/08/a-massive-hacking-campaign-stole-10000-login-credentials-from-130-different-organisations/ |access-date=2024-09-20 |website=Gizmodo Australia |language=en-AU}}</ref>, the company's cyber investigators regularly support global anti-cybercrime operations such as the INTERPOL-led "Night Fury"<ref>{{Cite web |title=INTERPOL supports arrest of cybercriminals targeting online shopping websites |url=https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-supports-arrest-of-cybercriminals-targeting-online-shopping-websites |access-date=2024-09-20 |website=www.interpol.int |language=en}}</ref>, "Falcon"<ref>{{Cite web |title=Three arrested as INTERPOL, Group-IB and the Nigeria Police Force disrupt prolific cybercrime group |url=https://www.interpol.int/en/News-and-Events/News/2020/Three-arrested-as-INTERPOL-Group-IB-and-the-Nigeria-Police-Force-disrupt-prolific-cybercrime-group |access-date=2024-09-20 |website=www.interpol.int |language=en}}</ref>, "Lyrebird"<ref>{{Cite web |title=Moroccan police arrest suspected cybercriminal after INTERPOL probe |url=https://www.interpol.int/News-and-Events/News/2021/Moroccan-police-arrest-suspected-cybercriminal-after-INTERPOL-probe |access-date=2024-09-20 |website=www.interpol.int |language=en}}</ref> and "Delilah"<ref>{{Cite web |title=Suspected head of cybercrime gang arrested in Nigeria |url=https://www.interpol.int/News-and-Events/News/2022/Suspected-head-of-cybercrime-gang-arrested-in-Nigeria |access-date=2024-09-20 |website=www.interpol.int |language=en}}</ref>, as well as the operation "Nervone"<ref>{{Cite web |title=Suspected key figure of notorious cybercrime group arrested in joint operation |url=https://www.interpol.int/en/News-and-Events/News/2023/Suspected-key-figure-of-notorious-cybercrime-group-arrested-in-joint-operation |access-date=2024-09-20 |website=www.interpol.int |language=en}}</ref>, which resulted in the arrest of a suspected senior member of the OPERA1ER hacker group. The group is believed to have stolen an estimated USD 11 million in more than 30 attacks across 15 countries in Africa, Asia and Latin America, according to an overview of OPERA1ER's methods published by Group-IB and Orange S.A. in November 2022<ref>{{Cite web |title=Cybercrime Group OPERA1ER Stole $11M From 16 African Businesses |url=https://www.darkreading.com/cyberattacks-data-breaches/cybercrime-group-opera1er-stole-11m-from-16-african-businesses |access-date=2024-09-20 |website=www.darkreading.com |language=en}}</ref>.

In November 2021, as part of the operation "No-vax free"<ref>{{Cite web |title=https://www.gdf.gov.it/it/gdf-comunica/notizie-ed-eventi/comunicati-stampa/anno-2021/novembre/operazione-oo-vax-free-sgominata-la-banda-dei-green-pass |url=https://www.gdf.gov.it/it/gdf-comunica/notizie-ed-eventi/comunicati-stampa/anno-2021/novembre/operazione-oo-vax-free-sgominata-la-banda-dei-green-pass |access-date=2024-09-20 |website=www.gdf.gov.it |language=en}}</ref>, Group-IB helped<ref>{{Cite web |title=Telegram channel admins who sold fake vaccine cards arrested |url=https://www.bleepingcomputer.com/news/legal/telegram-channel-admins-who-sold-fake-vaccine-cards-arrested/ |access-date=2024-09-20 |website=BleepingComputer |language=en-us}}</ref> Guardia di Finanza (GdF), the Italian law enforcement agency, in the probe into the activities of a criminal organization that used Telegram messenger to traffic fake Green Passes, the documents issued to Italian citizens who had been vaccinated, had tested negative, or had recently recovered from COVID-19. In July 2022, Group-IB assisted the Dutch National Police in the operation to apprehend alleged members of a cybercriminal phishing group named "Fraud Family"<ref>{{Cite web |last=Starks |first=Tim |date=2021-07-23 |title=Dutch police bust alleged 'Fraud Family' phishing service members |url=https://cyberscoop.com/dutch-police-fraud-family-group-ib-phishing-fraud-as-a-service/ |access-date=2024-09-20 |website=CyberScoop |language=en-US}}</ref>.

== Research ==


In 2017, Group-IB's Threat Intelligence team published a report that provided further evidence of the links<ref>{{Cite web |last=Leyden |first=John |date=30 May 2017 |title=NORK spy agency blamed for Bangladesh cyberheist, Sony Pictures hack |url=https://www.theregister.com/2017/05/30/nork_spy_agency_lazarus_group_attribution/ |access-date=20 September 2024 |website=The Register}}</ref> between the Lazarus hacking group and Bureau 121, a North Korean cyberwarfare agency. In September 2018, Group-IB published a first technical report on the previously unknown Silence hacking group<ref>{{Cite web |last=Leyden |first=John |date=5 September 2018 |title=Silence! Cybercrime's Pinky and the Brain have nicked $800k off banks |url=https://www.theregister.com/2018/09/05/silence_cybercrooks/ |access-date=20 September 2024 |website=The Register}}</ref>, linked to the theft of at least $800,000<ref>{{Cite web |title=New Silence hacking group suspected of having ties to cyber-security industry |url=https://www.zdnet.com/article/new-silence-hacking-group-suspected-of-having-ties-to-cyber-security-industry/ |access-date=2024-09-20 |website=ZDNET |language=en}}</ref> from Russian and Eastern European financial institutions. In a follow-up report titled “Silence 2.0: Going Global” from August 2019, Group-IB said the geography of the group’s attacks had shifted and estimated the resulting damage to be $4.2 million<ref>{{Cite web |title=Silence Advanced Hackers Attack Banks All Over the World |url=https://www.bleepingcomputer.com/news/security/silence-advanced-hackers-attack-banks-all-over-the-world/ |access-date=2024-09-20 |website=BleepingComputer |language=en-us}}</ref>.
Previous revision: It cooperated with Guardia di Finanza (GdF) as part of the operation ''No-vax free'' in 2021 to identify criminals trading in fake COVID-19 green passes.<ref name=":0">{{Cite web |last=Redazione |date=2023-04-20 |title=Group-IB lascia il mercato russo e continua lotta a cyber crime |url=https://www.cybersecitalia.it/group-ib-lascia-il-mercato-russo-e-continua-ad-essere-partner-di-istituzioni-italiane-contro-il-cyber-crime/24368/ |access-date=2024-03-10 |website=CyberSecurity Italia |language=it-IT}}</ref>


Previous revision: In September 2021, Ilya Sachkov, its co-founder and CEO, was detained by Russian authorities for treason.<ref>{{Cite news |date=2021-09-29 |title=Russia detains cyber-security tycoon Ilya Sachkov in treason case |url=https://www.bbc.com/news/world-europe-58738952 |access-date=2024-03-10 |language=en-GB}}</ref> He was sentenced to 14 years in prison.<ref>{{Cite web |title=Russian cybersecurity chief jailed for 14 years for treason |url=https://www.aljazeera.com/news/2023/7/26/russian-cybersecurity-chief-jailed-for-14-years-on-treason |access-date=2024-03-10 |website=Al Jazeera |language=en}}</ref> The Russian and international businesses were later split, with the Russian business sold in April 2023 to Russian management.<ref>{{Cite news |date=July 6, 2022 |title=Cyber firm Group-IB to split Russian, international businesses |url=https://www.reuters.com/technology/russian-cyber-firm-group-ib-split-russian-international-businesses-2022-07-06/ |work=Reuters}}</ref><ref>{{Cite news |last=Marrow |first=Alexander |date=April 20, 2023 |title=Cyber firm Group-IB finalizes Russia split to spur global ambitions |url=https://www.reuters.com/technology/cyber-firm-group-ib-finalises-russia-split-spur-global-ambitions-2023-04-20/ |work=Reuters}}</ref>
This revision: On August 25, 2022, 18 days after Twilio, a communication solutions provider, claimed it had suffered a data breach<ref>{{Cite web |last=Page |first=Carly |date=2022-08-08 |title=Twilio hacked by phishing campaign |url=https://techcrunch.com/2022/08/08/twilio-breach-customer-data/ |access-date=2024-09-20 |website=TechCrunch |language=en-US}}</ref> following a phishing campaign<ref>{{Cite web |last=Roth |first=Emma |date=2022-08-08 |title=Twilio suffers data breach after its employees were targeted by a phishing campaign |url=https://www.theverge.com/2022/8/8/23296923/twilio-data-breach-phishing-campaign-employees-targeted |access-date=2024-09-20 |website=The Verge |language=en}}</ref>, Group-IB researchers uncovered that the attack on Twilio was part of a wider campaign by a hacker group they codenamed "0ktapus"<ref>{{Cite web |last=Page |first=Carly |date=2022-08-25 |title=Twilio hackers breached more than 130 organizations |url=https://techcrunch.com/2022/08/25/twilio-hackers-group-ib/ |access-date=2024-09-20 |website=TechCrunch |language=en-US}}</ref>. According to Group-IB, 0ktapus compromised more than 130 organizations during their hacking spree and stole login credentials belonging to nearly 10,000 individuals by mimicking the popular single sign-on service Okta<ref>{{Cite web |last=Weatherbed |first=Jess |date=2022-08-26 |title=A huge phishing campaign has targeted over 130 companies, affecting Twilio and Signal |url=https://www.theverge.com/2022/8/26/23323036/phishing-scam-campaign-twilio-hack-companies |access-date=2024-09-20 |website=The Verge |language=en}}</ref>.


In January 2023, the company's Threat Intelligence team uncovered a newly identified advanced persistent threat actor, "Dark Pink"<ref>{{Cite news |date=2023-01-11 |title=Suspected State Hackers Stole Military Data From Asian Countries |url=https://www.bloomberg.com/news/articles/2023-01-11/suspected-state-hackers-stole-military-data-from-asian-countries?embedded-checkout=true |access-date=2024-09-20 |work=Bloomberg.com |language=en}}</ref>. Dark Pink, suspected to be linked to an Asian government, breached seven high-profile targets in Southeast Asia and Europe, including government and military agencies, according to Group-IB. On May 31, 2023, Group-IB said that Dark Pink had broadened its targets to government agencies in countries including Indonesia and Thailand and had carried out cyber-espionage as recently as April 2023<ref>{{Cite news |date=2023-05-31 |title=Suspected State-Backed Hackers Hit More Nations as Threat Grows |url=https://www.bloomberg.com/news/articles/2023-05-31/suspected-state-backed-hackers-dark-pink-hit-more-governments?embedded-checkout=true |access-date=2024-09-20 |work=Bloomberg.com |language=en}}</ref>.
Previous revision: In 2022, the firm worked with the Dutch National Police in an operation to apprehend alleged members of a phishing group.<ref>{{Cite web |last=Starks |first=Tim |date=2021-07-23 |title=Dutch police bust alleged 'Fraud Family' phishing service members |url=https://cyberscoop.com/dutch-police-fraud-family-group-ib-phishing-fraud-as-a-service/ |access-date=2024-03-10 |website=CyberScoop |language=en-US}}</ref><ref>{{Cite web |last=Paganini |first=Pierluigi |date=2021-07-22 |title=Group-IB helps Dutch police identify members of phishing developer gang Fraud Family |url=https://securityaffairs.com/120428/cyber-crime/fraud-family-members-identified.html |access-date=2024-03-10 |website=Security Affairs |language=en-US}}</ref>


In August 2023, Group-IB discovered the CVE-2023-38831 vulnerability, which affected the processing of the ZIP file format by WinRAR<ref>{{Cite web |last=Page |first=Carly |date=2023-08-23 |title=Hackers exploit WinRAR zero-day bug to steal funds from broker accounts |url=https://techcrunch.com/2023/08/23/winrar-zero-day-funds-brokers/ |access-date=2024-09-20 |website=TechCrunch |language=en-US}}</ref>. Group-IB said hackers had been exploiting this vulnerability since April 2023 to spread malicious ZIP archives on trading forums<ref>{{Cite web |title=Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts |url=https://www.darkreading.com/cyberattacks-data-breaches/threat-actor-exploits-zero-day-in-winrar-to-target-crypto-accounts |access-date=2024-09-20 |website=www.darkreading.com |language=en}}</ref>. CVE-2023-38831 was assigned a severity score of 7.8<ref>{{Cite web |title=CVE Website |url=https://www.cve.org/CVERecord?id=CVE-2023-38831 |access-date=2024-09-20 |website=www.cve.org}}</ref>.
Previous revision: In 2024, Group-IB signed a memorandum of understanding (MoU) with AFRIPOL to strengthen cybersecurity capabilities and extended its strategic partnership with INTERPOL at the INTERPOL Global Complex for Innovation in Singapore.<ref>{{Cite news |date=2024-02-23 |title=INTERPOL and Group-IB extend strategic partnership to combat cybercrime worldwide - Defence & Security Middle East |url=https://www.defsecme.com/security/cyber-security/interpol-and-group-ib-extend-strategic-partnership-to-combat-cybercrime-worldwide |access-date=2024-03-28 |work=Defence & Security Middle East |language=en-US}}</ref><ref>{{Cite web |date=2024-02-20 |title=Cooperation AFRIPOL-GROUP IB to enhance cybersecurity across Africa - The AFRICAN Union Mechanism for Police Cooperation |url=https://afripol.africa-union.org/cooperation-afripol-group-ib-to-enhance-cybersecurity-across-africa/ |access-date=2024-03-28 |language=en-US}}</ref><ref>{{Cite news |date=2024-02-21 |title=AFRIPOL signs MoU with Group-IB to focus on cybersecurity - Edge Middle East |url=https://www.edgemiddleeast.com/security/cyber-security/afripol-signs-mou-with-group-ib-to-focus-on-cybersecurity |access-date=2024-03-28 |work=Edge Middle East |language=en-US}}</ref>


== References ==

Revision as of 11:16, 23 September 2024

Group-IB
Company type: Private
Industry: Cybersecurity
Founded: 2003
Headquarters: Singapore
Number of locations: Singapore, Netherlands, UAE, Vietnam, Thailand, Uzbekistan, Chile
Area served: Worldwide
Key people: Dmitry Volkov (CEO)
Products: Threat Intelligence, Fraud Protection, Managed Extended Detection and Response (XDR), Network Traffic Analysis, Sandbox, Endpoint Detection and Response (EDR), Attack Surface Management, Digital Risk Protection, Business Email Protection, Digital Forensics & Incident Response, Cybersecurity Audit & Consulting, Hi-Tech Cyber Crime Investigation, Cyber Education
Number of employees: 300 (March 2024)
Website: www.group-ib.com

Group-IB is a privately held cybersecurity company, established in 2003 and headquartered in Singapore. The company creates cybersecurity technologies to investigate, prevent, and fight cybercrime.

Group-IB’s Digital Crime Resistance Centers are located in the Asia-Pacific, Central Asia, Middle East, and Europe.

History

Dmitry Volkov, who serves as the company’s CEO, co-founded Group-IB together with his university classmate, Ilya Sachkov, in 2003. Originally founded in Russia, the company moved its headquarters to Singapore in 2019.

In August 2020, Group-IB became one of the nine cybersecurity firms that received a grant from the Cyber Security Agency of Singapore and the locally based venture capital firm TNB Ventures. In November 2020, Group-IB opened its European Headquarters in Amsterdam, the Netherlands. Seven months later, the company launched its Middle East and Africa operations by setting up a regional HQ in Dubai, the UAE. In March 2023, Group-IB announced its plans to open a Digital Crime Resistance Center in Thailand.

On April 20, 2023, Group-IB finalized its exit from Russia to focus on expanding the global Digital Crime Resistance network. Dmitry Volkov, co-founder and CEO, sold his stake in Group-IB’s Russia-based business to the company’s local management, while Sachkov had sold his 37.5 percent stake in the Singapore entity to members of top management there.

Products

Group-IB's Unified Risk Platform continuously monitors threat actors in order to detect advanced attacks and techniques. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB's products and services consolidated in the Unified Risk Platform include Group-IB's Threat Intelligence, Managed Extended Detection and Response (XDR), Digital Risk Protection, Fraud Protection, Attack Surface Management, Business Email Protection, Audit & Consulting, Education & Training, Digital Forensics & Incident Response, and Cyber Investigations. Group-IB's solutions and services have been recognized by research agencies such as Gartner, Aite Novarica, Frost & Sullivan, and KuppingerCole Analysts AG.

Group-IB's Computer Emergency Response team (CERT-GIB), a private emergency response team that performs threat monitoring across Asia, Europe and the Middle East and Africa region, holds the status of an accredited member of Trusted Introducer. CERT-GIB is a member of the global Forum of Incident Response and Security Teams (FIRST) and a member of the OIC Computer Emergency Response Team. CERT-GIB has been a member of the Anti-Phishing Working Group since October 2020 and a corporate partner of the Asia Pacific Computer Emergency Response Team since February 2023.

Investigations with law enforcement

Group-IB has been a private sector partner of INTERPOL since 2017. In 2015, Europol signed an agreement with Group-IB to cooperate in fighting cybercrime. Since then, the company has been a member of the Europol European Cybercrime Centre's (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners. In 2020 and 2021, Group-IB cooperated with Europol, payment companies and law enforcement authorities within the framework of the Carding Action, an operation targeting fraudsters who sold and purchased compromised card details on websites dealing in stolen credit card data, known as card shops.

In line with Group-IB's mission of fighting cybercrime, the company's cyber investigators regularly support global anti-cybercrime operations such as the INTERPOL-led "Night Fury", "Falcon", "Lyrebird" and "Delilah", as well as the operation "Nervone", which resulted in the arrest of a suspected senior member of the OPERA1ER hacker group. The group is believed to have stolen an estimated USD 11 million in more than 30 attacks across 15 countries in Africa, Asia and Latin America, according to an overview of OPERA1ER's methods published by Group-IB and Orange S.A. in November 2022.

In November 2021, as part of the operation "No-vax free", Group-IB helped Guardia di Finanza (GdF), the Italian law enforcement agency, in the probe into the activities of a criminal organization that used Telegram messenger to traffic fake Green Passes, the documents issued to Italian citizens who had been vaccinated, had tested negative, or had recently recovered from COVID-19. In July 2022, Group-IB assisted the Dutch National Police in the operation to apprehend alleged members of a cybercriminal phishing group named "Fraud Family".

Research

In 2017, Group-IB's Threat Intelligence team published a report that provided further evidence of the links between the Lazarus hacking group and Bureau 121, a North Korean cyberwarfare agency. In September 2018, Group-IB published a first technical report on a previously unknown Silence hacking group linked to the theft of at least $800,000 from Russian and Eastern European financial institutions. In a follow-up report titled “Silence 2.0: Going Global” from August 2019, Group-IB said the geography of the group’s attacks had shifted and estimated the resulting damage to be $4.2 million.

On August 25, 2022, 18 days after Twilio, a communication solutions provider, claimed it had suffered a data breach following a phishing campaign, Group-IB researchers uncovered that the attack on Twilio was part of a wider campaign by a hacker group they codenamed "0ktapus". According to Group-IB, 0ktapus compromised more than 130 organizations during their hacking spree and stole login credentials belonging to nearly 10,000 individuals by mimicking the popular single sign-on service Okta.

In January 2023, the company's Threat Intelligence team uncovered a newly identified advanced persistent threat actor, "Dark Pink". Dark Pink, suspected to be linked to an Asian government, breached seven high-profile targets in Southeast Asia and Europe, including government and military agencies, according to Group-IB. On May 31, 2023, Group-IB said that Dark Pink had broadened its targets to government agencies in countries including Indonesia and Thailand and had carried out cyber-espionage as recently as April 2023.

In August 2023, Group-IB discovered the CVE-2023-38831 vulnerability, which affected the processing of the ZIP file format by WinRAR. Group-IB said hackers had been exploiting this vulnerability since April 2023 to spread malicious ZIP archives on trading forums. CVE-2023-38831 was assigned a severity score of 7.8.

References

  1. Asia, Times of Central (2023-12-27). "Group-IB Opens First Digital Crime Resistance Center in Central Asia - The Times Of Central Asia". Retrieved 2024-09-20.
  2. Page, Carly (2023-11-01). "With its exit from Russia complete, Group-IB plans its US expansion". TechCrunch. Retrieved 2024-09-20.
  3. Knowles, Catherine (14 December 2023). "Cybersecurity firm Group-IB tracks major new threat actor GambleForce". Security Brief Asia. Retrieved 20 September 2024.
  4. "Russian cybersecurity firm Group-IB to move global HQ to Singapore". The Business Times. 2018-10-10. Retrieved 2024-09-20.
  5. Tham, Irene (2020-07-30). "9 cyber security firms to receive funding to defend Singapore's critical systems, smart nation projects". The Straits Times. ISSN 0585-3923. Retrieved 2024-09-20.
  6. Koerkamp, Geert Groot (2020-11-13). "Russische cybercrimebestrijder gaat Nederlandse bedrijven helpen bij het opsporen van computercriminelen". Trouw (in Dutch). Retrieved 2024-09-20.
  7. Sharma, Alkesh. "Singapore's Group-IB plans to produce local cyber technologies from Dubai". The National. Retrieved 2024-09-20.
  8. "Group-IB to open Digital Crime Resistance Center in Thailand - ET CIO SEA". ETCIO.com. Retrieved 2024-09-20.
  9. Marrow, Alexander (April 20, 2023). "Cyber firm Group-IB finalises Russia split to spur global ambitions". Reuters. Retrieved 20 September 2024.
  10. "Group-IB exits Russia to focus exclusively on expanding global Digital Crime Resistance network". www.zawya.com. Retrieved 2024-09-20.
  11. "Ilya Sachkov withdraws from Group-IB international business, maintains stake in Russian legal entity with changed brand". interfax.com. Retrieved 2024-09-20.
  12. Help Net Security (2022-07-01). "Product showcase: Group-IB Unified Risk Platform". Help Net Security. Retrieved 2024-09-20.
  13. "Group-IB joins APAC Computer Emergency Response Team". Channel Asia. Retrieved 2024-09-20.
  14. "Trusted Introducer : Home". www.trusted-introducer.org. Retrieved 2024-09-20.
  15. "FIRST - Improving Security Together". FIRST — Forum of Incident Response and Security Teams. Retrieved 2024-09-20.
  16. "OIC-CERT | Organisation of The Islamic Cooperation - Computer Emergency Response Team". www.oic-cert.org. Retrieved 2024-09-20.
  17. "APWG | Group-IB enhances data exchange operations by joining Anti-Phishing Working Group". Retrieved 2024-09-20.
  18. "Member Teams : About APCERT / APCERT". www.apcert.org. Retrieved 2024-09-20.
  19. Olenick, Doug (2017-11-02). "Group IB, INTERPOL sign data exchange agreement". SC Media. Retrieved 2024-09-20.
  20. "Europol signs agreement with Group-IB to cooperate in fighting cybercrime". Europol. Retrieved 2024-09-20.
  21. "EC3 Partners". Europol. Retrieved 2024-09-20.
  22. "12 online fraudsters arrested in global operation against counterfeiters". Europol. Retrieved 2024-09-20.
  23. Ropek, Lucas (2022-08-26). "A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organisations". Gizmodo Australia. Retrieved 2024-09-20.
  24. "INTERPOL supports arrest of cybercriminals targeting online shopping websites". www.interpol.int. Retrieved 2024-09-20.
  25. "Three arrested as INTERPOL, Group-IB and the Nigeria Police Force disrupt prolific cybercrime group". www.interpol.int. Retrieved 2024-09-20.
  26. "Moroccan police arrest suspected cybercriminal after INTERPOL probe". www.interpol.int. Retrieved 2024-09-20.
  27. "Suspected head of cybercrime gang arrested in Nigeria". www.interpol.int. Retrieved 2024-09-20.
  28. "Suspected key figure of notorious cybercrime group arrested in joint operation". www.interpol.int. Retrieved 2024-09-20.
  29. "Cybercrime Group OPERA1ER Stole $11M From 16 African Businesses". www.darkreading.com. Retrieved 2024-09-20.
  30. "Operazione 'No Vax Free': sgominata la banda dei green pass" (in Italian). www.gdf.gov.it. https://www.gdf.gov.it/it/gdf-comunica/notizie-ed-eventi/comunicati-stampa/anno-2021/novembre/operazione-oo-vax-free-sgominata-la-banda-dei-green-pass. Retrieved 2024-09-20.
  31. "Telegram channel admins who sold fake vaccine cards arrested". BleepingComputer. Retrieved 2024-09-20.
  32. Starks, Tim (2021-07-23). "Dutch police bust alleged 'Fraud Family' phishing service members". CyberScoop. Retrieved 2024-09-20.
  33. Leyden, John (30 May 2017). "NORK spy agency blamed for Bangladesh cyberheist, Sony Pictures hack". The Register. Retrieved 20 September 2024.
  34. Leyden, John (5 September 2018). "Silence! Cybercrime's Pinky and the Brain have nicked $800k off banks". The Register. Retrieved 20 September 2024.
  35. "New Silence hacking group suspected of having ties to cyber-security industry". ZDNET. Retrieved 2024-09-20.
  36. "Silence Advanced Hackers Attack Banks All Over the World". BleepingComputer. Retrieved 2024-09-20.
  37. Page, Carly (2022-08-08). "Twilio hacked by phishing campaign". TechCrunch. Retrieved 2024-09-20.
  38. Roth, Emma (2022-08-08). "Twilio suffers data breach after its employees were targeted by a phishing campaign". The Verge. Retrieved 2024-09-20.
  39. Page, Carly (2022-08-25). "Twilio hackers breached more than 130 organizations". TechCrunch. Retrieved 2024-09-20.
  40. Weatherbed, Jess (2022-08-26). "A huge phishing campaign has targeted over 130 companies, affecting Twilio and Signal". The Verge. Retrieved 2024-09-20.
  41. "Suspected State Hackers Stole Military Data From Asian Countries". Bloomberg.com. 2023-01-11. Retrieved 2024-09-20.
  42. "Suspected State-Backed Hackers Hit More Nations as Threat Grows". Bloomberg.com. 2023-05-31. Retrieved 2024-09-20.
  43. Page, Carly (2023-08-23). "Hackers exploit WinRAR zero-day bug to steal funds from broker accounts". TechCrunch. Retrieved 2024-09-20.
  44. "Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts". www.darkreading.com. Retrieved 2024-09-20.
  45. "CVE Website". www.cve.org. Retrieved 2024-09-20.