Group-IB: Difference between revisions

Browse history interactively ← Previous edit Next edit →Content deleted Content addedVisual WikitextInline

Revision as of 11:16, 23 September 2024 view sourceC.Fred (talk \| contribs)Autopatrolled, Administrators278,311 edits Restored revision 1247226468 by C.Fred (talk): This admin does not see an obvious COI or other problems with edits; please discuss on talk page and get consensusTags: Twinkle Undo Reverted← Previous edit		Revision as of 19:09, 25 September 2024 view source Synchaas (talk \| contribs)23 edits Reverted it back to last stable versionTag: RevertedNext edit →
Line 5:		Line 5:
	\| founded = 2003		\| founded = 2003
	\| key_people = Dmitry Volkov (CEO)		\| key_people = Dmitry Volkov (CEO)
	\| ~~hq_location~~ = Singapore		\| hq_location_country = Singapore
	\| num_locations = Singapore, Netherlands, ~~UAE,~~ ~~Vietnam~~, Thailand, ~~Uzbekistan~~, ~~Chile~~		\| num_locations = Singapore, Netherlands, United Arab Emirates, Thailand, Vietnam, Malaysia, Uzbekistan.
	\| area_served = Worldwide		\| area_served = Worldwide
			\| products =
	\| products = Threat Intelligence, Fraud Protection, Managed Extended Detection and Response (XDR), Network Traffic Analysis, Sandbox, Endpoint Detection and Response (EDR), Attack Surface Management, Digital Risk Protection, Business Email Protection, Digital Forensics & Incident Response, Cybersecurity Audit & Consulting, Hi-Tech Cyber Crime Investigation, Cyber Education
			\| services = Brand Protection, Threat Intelligence, Behavioral biometrics in combination with cybersecurity, Information Security
	\| services =
	\| num_employees = ~~300 (March 2024)~~		\| num_employees = 250+
	\| website = ~~{{URL\|~~www.group-ib.com }}		\| website =
	}}		}}
	'''Group-IB''' is a ] ] company~~, established in 2003 and~~ headquartered in ]. ~~The company creates cybersecurity technologies to investigate, prevent, and fight ].~~		'''Group-IB''' (established in 2003) is a ] company headquartered in ].

	Group-IB’s Digital Crime Resistance Centers are located in the ], ]<ref>{{Cite web \|last=Asia \|first=Times of Central \|date=2023-12-27 \|title=Group-IB Opens First Digital Crime Resistance Center in Central Asia - The Times Of Central Asia \|url=https://timesca.com/group-ib-opens-first-digital-crime-resistance-center-in-central-asia/ \|access-date=2024-09-20 \|language=en-US}}</ref>, ], and ].<ref>{{Cite web \|last=Page \|first=Carly \|date=2023-11-01 \|title=With its exit from Russia complete, Group-IB plans its US expansion \|url=https://techcrunch.com/2023/11/01/group-ib-united-states-expansion/ \|access-date=2024-09-20 \|website=TechCrunch \|language=en-US}}</ref>

	== History ==		== History ==

	~~Dmitry Volkov, who serves as the company’s CEO, co-founded~~ Group-IB ~~together~~ ~~with~~ ~~his~~ ~~university~~ ~~classmate,~~ ], in ~~2003~~.<ref>{{Cite web \|~~last~~=~~Knowles~~ ~~\|first=Catherine~~ ~~\|date=14 December 2023 \|title=Cybersecurity firm~~ Group-IB ~~tracks~~ ~~major~~ ~~new threat actor GambleForce~~ \|url=https://~~securitybrief~~.~~asia~~/~~story~~/~~cybersecurity~~-~~firm~~-group-ib-~~tracks~~-~~major-new~~-~~threat-actor-gambleforce~~ \|access-date=~~20 September~~ 2024 \|website=~~Security~~ ~~Brief~~ ~~Asia~~}}</ref> ~~Originally~~ ~~founded~~ ~~in Russia~~, ~~the~~ ~~company~~ ~~moved~~ ~~its~~ ~~headquarters~~ to Singapore in ~~2019~~.<ref>{{Cite web \|date=~~2018~~-10-10 \|title=~~Russian cybersecurity firm~~ Group-IB to ~~move~~ ~~global~~ ~~HQ to Singapore~~ \|url=https://~~www.businesstimes~~.com~~.sg~~/~~startups-tech~~/~~technology/russian-cybersecurity-firm-~~group-ib-~~move~~-~~global~~-hq-~~singapore~~ \|access-date=2024-09-20 \|website=~~The Business Times~~ \|language=en}}</ref>		Group-IB was founded in 2003 by ] and Dmitry Volkov in ]. Six years later the firm moved to Singapore.<ref>{{Cite web \|title=Russian cyber titan Group-IB makes Singapore home \|url=https://www.channelasia.tech/article/1268752/russian-cyber-titan-group-ib-makes-singapore-home.html \|access-date=2024-03-10 \|website=Channel Asia \|language=en-US}}</ref> In July 2020, it received funding from the ] of Singapore by venture capital firm TNB Ventures.<ref>{{Cite web \|last= \|first= \|date=2020-07-30 \|title=Group-IB Receives Funding from CSA \|url=https://aithority.com/security/group-ib-receives-funding-from-csa/ \|access-date=2024-03-10 \|website=AiThority \|language=en-US}}</ref>

	In August 2020, Group-IB became one of the nine cybersecurity firms that received a grant<ref>{{Cite news \|first=Irene \|last=Tham \|date=2020-07-30 \|title=9 cyber security firms to receive funding to defend Singapore's critical systems, smart nation projects \|url=https://www.straitstimes.com/tech/nine-cyber-security-firms-to-receive-funding-to-defend-singapores-critical-systems-smart-nation \|access-date=2024-09-20 \|work=The Straits Times \|language=en \|issn=0585-3923}}</ref> from the ] of Singapore and the locally based venture capital firm . In November 2020, Group-IB opened<ref>{{Cite web \|last=Koerkamp \|first=Geert Groot \|date=2020-11-13 \|title=Russische cybercrimebestrijder gaat Nederlandse bedrijven helpen bij het opsporen van computercriminelen \|url=https://www.trouw.nl/buitenland/russische-cybercrimebestrijder-gaat-nederlandse-bedrijven-helpen-bij-het-opsporen-van-computercriminelen~b14e2f14/ \|access-date=2024-09-20 \|website=] \|language=nl}}</ref> its European Headquarters in ], the ]. Seven months later, the company launched its Middle East and Africa operations by setting-up<ref>{{Cite web \|last=Sharma \|first=Alkesh \|title=Singapore’s Group-IB plans to produce local cyber technologies from Dubai \|url=https://www.thenationalnews.com/business/technology/singapore-s-group-ib-plans-to-produce-local-cyber-technologies-from-dubai-1.1233604 \|access-date=2024-09-20 \|website=The National \|language=en}}</ref> a regional HQ in ], the ]. In March 2023, Group-IB announced its plans<ref>{{Cite web \|title=Group-IB to open Digital Crime Resistance Center in Thailand - ET CIO SEA \|url=https://ciosea.economictimes.indiatimes.com/news/security/group-ib-to-open-digital-crime-resistance-center-in-thailand/98680964 \|access-date=2024-09-20 \|website=ETCIO.com \|language=en}}</ref> to open a Digital Crime Resistance Center in ].

	On April 20, 2023, Group-IB finalized<ref>{{Cite web \|last=Marrow \|first=Alexander \|date=April 20, 2023 \|title=Cyber firm Group-IB finalises Russia split to spur global ambitions \|url=https://www.reuters.com/technology/cyber-firm-group-ib-finalises-russia-split-spur-global-ambitions-2023-04-20/ \|access-date=20 September 2024 \|website=Reuters}}</ref> its exit from ] to focus on expanding the global Digital Crime Resistance network<ref>{{Cite web \|title=Group-IB exits Russia to focus exclusively on expanding global Digital Crime Resistance network \|url=https://www.zawya.com/en/press-release/companies-news/group-ib-exits-russia-to-focus-exclusively-on-expanding-global-digital-crime-resistance-network-dr0m0ru4 \|access-date=2024-09-20 \|website=www.zawya.com \|language=en}}</ref>. Dmitry Volkov, co-founder and CEO, sold his stake in Group-IB’s Russia-based business to the company’s local management, while Sachkov had sold his 37.5 percent stake<ref>{{Cite web \|title=Ilya Sachkov withdraws from Group-IB international business, maintains stake in Russian legal entity with changed brand \|url=https://interfax.com/newsroom/top-stories/89822/ \|access-date=2024-09-20 \|website=interfax.com}}</ref> in the Singapore entity to members of top management there.

	== Products ==

	Group-IB's Unified Risk Platform<ref>{{Cite web \|last=Security \|first=Help Net \|date=2022-07-01 \|title=Product showcase: Group-IB Unified Risk Platform \|url=https://www.helpnetsecurity.com/2022/07/01/product-showcase-group-ib-unified-risk-platform/ \|access-date=2024-09-20 \|website=Help Net Security \|language=en-US}}</ref> monitors ] at all times in order to detect advanced attacks and techniques. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB's products and services consolidated in the Unified Risk Platform include Group-IB's ] Managed ] (XDR), Digital Risk Protection, ] Protection, ] Management, Business Email Protection, Audit & Consulting, Education & Training, ] & ], and Cyber Investigations. Group-IB's solutions and services have been recognized by various research agencies such as ], Aite Novarica, ], KuppingerCole Analysts AG, and more.

	Group-IB's ] (CERT-GIB), a private emergency response team that performs threat monitoring across Asia<ref>{{Cite web \|title=Group-IB joins APAC Computer Emergency Response Team \|url=https://www.channelasia.tech/article/1266736/group-ib-joins-apac-computer-emergency-response-team.html \|access-date=2024-09-20 \|website=Channel Asia \|language=en-US}}</ref>, Europe and the Middle East and Africa region, holds the status of an accredited member of Trusted Introducer<ref>{{Cite web \|title=Trusted Introducer : Home \|url=https://www.trusted-introducer.org/index.html \|access-date=2024-09-20 \|website=www.trusted-introducer.org}}</ref>. CERT-GIB is a member of the global Forum of Incident Response and Security Teams (FIRST)<ref>{{Cite web \|title=FIRST - Improving Security Together \|url=https://www.first.org/ \|access-date=2024-09-20 \|website=FIRST — Forum of Incident Response and Security Teams \|language=en}}</ref> and a member of the OIC Computer Emergency Response Team<ref>{{Cite web \|title=OIC-CERT {{!}} Organisation of The Islamic Cooperation - Computer Emergency Response Team \|url=https://www.oic-cert.org/en/commercialmembers.html#.X8dG3WgzY2w \|access-date=2024-09-20 \|website=www.oic-cert.org}}</ref>. CERT-GIB has been a member of the Anti-Phishing Working Group since October 2020<ref>{{Cite web \|title=APWG {{!}} Group-IB enhances data exchange operations by joining Anti-Phishing Working Group \|url=https://apwg.org/group-ib-enhances-data-exchange-operations-by-joining-anti-phishing-working-group/ \|access-date=2024-09-20 \|language=en-US}}</ref> and a corporate partner of the Asia Pacific Computer Emergency Response Team since February 2023<ref>{{Cite web \|title=Member Teams : About APCERT / APCERT \|url=https://www.apcert.org/about/structure/members.html \|access-date=2024-09-20 \|website=www.apcert.org}}</ref>.

⚫	== Investigations with law enforcement ==

	Group-IB has been a private sector partner of ] since 2017<ref>{{Cite web \|last=Olenick \|first=Doug \|date=2017-11-02 \|title=Group IB, INTERPOL sign data exchange agreement \|url=https://www.scmagazine.com/news/group-ib-interpol-sign-data-exchange-agreement \|access-date=2024-09-20 \|website=SC Media \|language=en}}</ref>. In 2015, ] signed<ref>{{Cite web \|title=Europol signs agreement with Group-IB to cooperate in fighting cybercrime \|url=https://www.europol.europa.eu/media-press/newsroom/news/europol-signs-agreement-group-ib-to-cooperate-in-fighting-cybercrime \|access-date=2024-09-20 \|website=Europol \|language=en}}</ref> an agreement with Group-IB to cooperate in fighting cybercrime. Since then, the company has been a member of the Europol ] (EC3) Advisory Group on Internet Security<ref>{{Cite web \|title=EC3 Partners \|url=https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3/ec3-partners \|access-date=2024-09-20 \|website=Europol \|language=en}}</ref>, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners. In 2020 and 2021, Group-IB cooperated with Europol, payment companies and law enforcement authorities involved in the framework of the ] Action - an operation targeting fraudsters selling and purchasing compromised card details on websites selling stolen credit card data, known as card shops<ref>{{Cite web \|title=12 online fraudsters arrested in global operation against counterfeiters \|url=https://www.europol.europa.eu/media-press/newsroom/news/12-online-fraudsters-arrested-in-global-operation-against-counterfeiters \|access-date=2024-09-20 \|website=Europol \|language=en}}</ref>.

	In line with Group-IB's mission of fighting cybercrime<ref>{{Cite web \|last=Ropek \|first=Lucas \|date=2022-08-26 \|title=A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organisations \|url=https://gizmodo.com.au/2022/08/a-massive-hacking-campaign-stole-10000-login-credentials-from-130-different-organisations/ \|access-date=2024-09-20 \|website=Gizmodo Australia \|language=en-AU}}</ref>, the company's cyber investigators regularly support global anti-cybercrime operations such as INTERPOL-led "Night Fury"<ref>{{Cite web \|title=INTERPOL supports arrest of cybercriminals targeting online shopping websites \|url=https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-supports-arrest-of-cybercriminals-targeting-online-shopping-websites \|access-date=2024-09-20 \|website=www.interpol.int \|language=en}}</ref>, "Falcon"<ref>{{Cite web \|title=Three arrested as INTERPOL, Group-IB and the Nigeria Police Force disrupt prolific cybercrime group \|url=https://www.interpol.int/en/News-and-Events/News/2020/Three-arrested-as-INTERPOL-Group-IB-and-the-Nigeria-Police-Force-disrupt-prolific-cybercrime-group \|access-date=2024-09-20 \|website=www.interpol.int \|language=en}}</ref>, "Lyrebird"<ref>{{Cite web \|title=Moroccan police arrest suspected cybercriminal after INTERPOL probe \|url=https://www.interpol.int/News-and-Events/News/2021/Moroccan-police-arrest-suspected-cybercriminal-after-INTERPOL-probe \|access-date=2024-09-20 \|website=www.interpol.int \|language=en}}</ref>, "Delilah"<ref>{{Cite web \|title=Suspected head of cybercrime gang arrested in Nigeria \|url=https://www.interpol.int/News-and-Events/News/2022/Suspected-head-of-cybercrime-gang-arrested-in-Nigeria \|access-date=2024-09-20 \|website=www.interpol.int \|language=en}}</ref>, as well as the operation "Nervone"<ref>{{Cite web \|title=Suspected key figure of notorious cybercrime group arrested in joint operation \|url=https://www.interpol.int/en/News-and-Events/News/2023/Suspected-key-figure-of-notorious-cybercrime-group-arrested-in-joint-operation \|access-date=2024-09-20 \|website=www.interpol.int \|language=en}}</ref> which resulted in the arrest of a suspected senior member of the OPERA1ER hacker group. The group is believed to have stolen as estimated USD 11 million in more than 30 attacks across 15 countries in Africa, Asia and Latin America, according to an overview of OPERA1ER's methods published by Group-IB and ] in November 2022<ref>{{Cite web \|title=Cybercrime Group OPERA1ER Stole $11M From 16 African Businesses \|url=https://www.darkreading.com/cyberattacks-data-breaches/cybercrime-group-opera1er-stole-11m-from-16-african-businesses \|access-date=2024-09-20 \|website=www.darkreading.com \|language=en}}</ref>.

	In November 2021, as part of the operation "No-vax free"<ref>{{Cite web \|title=https://www.gdf.gov.it/it/gdf-comunica/notizie-ed-eventi/comunicati-stampa/anno-2021/novembre/operazione-oo-vax-free-sgominata-la-banda-dei-green-pass \|url=https://www.gdf.gov.it/it/gdf-comunica/notizie-ed-eventi/comunicati-stampa/anno-2021/novembre/operazione-oo-vax-free-sgominata-la-banda-dei-green-pass \|access-date=2024-09-20 \|website=www.gdf.gov.it \|language=en}}</ref>, Group-IB helped<ref>{{Cite web \|title=Telegram channel admins who sold fake vaccine cards arrested \|url=https://www.bleepingcomputer.com/news/legal/telegram-channel-admins-who-sold-fake-vaccine-cards-arrested/ \|access-date=2024-09-20 \|website=BleepingComputer \|language=en-us}}</ref> ] (GdF), the Italian ] agency, in the probe into activities of the criminal organization which trafficked fake ], documents issued for vaccinated Italian citizens and those tested negative or recently recovered from ] via ] messenger. In July 2022, Group-IB assisted the ] in the operation to apprehend alleged members of a cybercriminal phishing group named "Fraud Family"<ref>{{Cite web \|last=Starks \|first=Tim \|date=2021-07-23 \|title=Dutch police bust alleged 'Fraud Family' phishing service members \|url=https://cyberscoop.com/dutch-police-fraud-family-group-ib-phishing-fraud-as-a-service/ \|access-date=2024-09-20 \|website=CyberScoop \|language=en-US}}</ref>.

			In September 2021, its co-founder and then CEO, Ilya Sachkov was detained by Russian authorities for treason and was later jailed for 14 years.<ref>{{Cite news \|date=2021-09-29 \|title=Russia detains cyber-security tycoon Ilya Sachkov in treason case \|url=https://www.bbc.com/news/world-europe-58738952 \|access-date=2024-03-10 \|language=en-GB}}</ref><ref>{{Cite web \|title=Russian cybersecurity chief jailed for 14 years for treason \|url=https://www.aljazeera.com/news/2023/7/26/russian-cybersecurity-chief-jailed-for-14-years-on-treason \|access-date=2024-03-10 \|website=Al Jazeera \|language=en}}</ref> Consequently it was announced to split Russian and international business and finalized the split and sold the business in April 2023 handing over its interests to local management in Russia.<ref>{{Cite news \|date=July 6, 2022 \|title=Cyber firm Group-IB to split Russian, international businesses \|url=https://www.reuters.com/technology/russian-cyber-firm-group-ib-split-russian-international-businesses-2022-07-06/ \|work=Reuters}}</ref><ref>{{Cite news \|last=Marrow \|first=Alexander \|date=April 20, 2023 \|title=Cyber firm Group-IB finalizes Russia split to spur global ambitions \|url=https://www.reuters.com/technology/cyber-firm-group-ib-finalises-russia-split-spur-global-ambitions-2023-04-20/ \|work=Reuters}}</ref>
	== Research ==

			Group-IB signed a ] with AFRIPOL to strengthen cybersecurity capabilities in 2024 and extended their strategic partnership with Interpol at INTERPOL Global Complex for Innovation in Singapore.<ref>{{Cite news \|date=2024-02-23 \|title=INTERPOL and Group-IB extend strategic partnership to combat cybercrime worldwide - Defence & Security Middle East \|url=https://www.defsecme.com/security/cyber-security/interpol-and-group-ib-extend-strategic-partnership-to-combat-cybercrime-worldwide \|access-date=2024-03-28 \|work=Defence & Security Middle East \|language=en-US}}</ref><ref>{{Cite web \|date=2024-02-20 \|title=Cooperation AFRIPOL-GROUP IB to enhance cybersecurity across Africa - The AFRICAN Union Mechanism for Police Cooperation \|url=https://afripol.africa-union.org/cooperation-afripol-group-ib-to-enhance-cybersecurity-across-africa/ \|access-date=2024-03-28 \|language=en-US}}</ref><ref>{{Cite news \|date=2024-02-21 \|title=AFRIPOL signs MoU with Group-IB to focus on cybersecurity - Edge Middle East \|url=https://www.edgemiddleeast.com/security/cyber-security/afripol-signs-mou-with-group-ib-to-focus-on-cybersecurity \|access-date=2024-03-28 \|work=Edge Middle East \|language=en-US}}</ref>
	In 2017, Group-IB's Threat Intelligence team published a that provided further evidence of the links<ref>{{Cite web \|last=Leyden \|first=John \|date=30 May 2017 \|title=NORK spy agency blamed for Bangladesh cyberheist, Sony Pictures hack \|url=https://www.theregister.com/2017/05/30/nork_spy_agency_lazarus_group_attribution/ \|access-date=20 September 2024 \|website=The Register}}</ref> between the ] hacking group and ], a ] ] agency. In September 2018, Group-IB published a on a previously unknown Silence hacking group<ref>{{Cite web \|last=Leyden \|first=John \|date=5 September 2018 \|title=Silence! Cybercrime's Pinky and the Brain have nicked $800k off banks \|url=https://www.theregister.com/2018/09/05/silence_cybercrooks/ \|access-date=20 September 2024 \|website=The Register}}</ref> linked to the theft of at least $800,000<ref>{{Cite web \|title=New Silence hacking group suspected of having ties to cyber-security industry \|url=https://www.zdnet.com/article/new-silence-hacking-group-suspected-of-having-ties-to-cyber-security-industry/ \|access-date=2024-09-20 \|website=ZDNET \|language=en}}</ref> from Russian and Eastern European financial institutions. In a follow-up report titled “Silence 2.0: Going Global” from August 2019, Group-IB said the geography of the group’s attacks had shifted and estimated the resulting damage to be $4.2 million<ref>{{Cite web \|title=Silence Advanced Hackers Attack Banks All Over the World \|url=https://www.bleepingcomputer.com/news/security/silence-advanced-hackers-attack-banks-all-over-the-world/ \|access-date=2024-09-20 \|website=BleepingComputer \|language=en-us}}</ref>.

		⚫	== Investigations with law enforcement agencies ==
	On August 25, 2022, 18 days after ], a communication solutions provider, claimed it had suffered a data breach<ref>{{Cite web \|last=Page \|first=Carly \|date=2022-08-08 \|title=Twilio hacked by phishing campaign \|url=https://techcrunch.com/2022/08/08/twilio-breach-customer-data/ \|access-date=2024-09-20 \|website=TechCrunch \|language=en-US}}</ref> following a phishing campaign<ref>{{Cite web \|last=Roth \|first=Emma \|date=2022-08-08 \|title=Twilio suffers data breach after its employees were targeted by a phishing campaign \|url=https://www.theverge.com/2022/8/8/23296923/twilio-data-breach-phishing-campaign-employees-targeted \|access-date=2024-09-20 \|website=The Verge \|language=en}}</ref>. Group-IB researchers uncovered that the attack on Twilio was part of a wider campaign by a hacker group they codenamed "0ktapus"<ref>{{Cite web \|last=Page \|first=Carly \|date=2022-08-25 \|title=Twilio hackers breached more than 130 organizations \|url=https://techcrunch.com/2022/08/25/twilio-hackers-group-ib/ \|access-date=2024-09-20 \|website=TechCrunch \|language=en-US}}</ref>. According to Group-IB, 0ktapus compromised more than 130 organizations during their hacking spree and stole login credentials belonging to nearly 10,000 individuals, mimicking the popular single sign-on service ]<ref>{{Cite web \|last=Weatherbed \|first=Jess \|date=2022-08-26 \|title=A huge phishing campaign has targeted over 130 companies, affecting Twilio and Signal \|url=https://www.theverge.com/2022/8/26/23323036/phishing-scam-campaign-twilio-hack-companies \|access-date=2024-09-20 \|website=The Verge \|language=en}}</ref>.

			* It cooperated with Guardia di Finanza (GdF) as part of the operation ''No-vax free'' in 2021, the Italian police for financial crimes, in identifying the criminals trading in fake green passes of COVID-19 vaccines.<ref name=":0">{{Cite web \|last=Redazione \|date=2023-04-20 \|title=Group-IB lascia il mercato russo e continua lotta a cyber crime \|url=https://www.cybersecitalia.it/group-ib-lascia-il-mercato-russo-e-continua-ad-essere-partner-di-istituzioni-italiane-contro-il-cyber-crime/24368/ \|access-date=2024-03-10 \|website=CyberSecurity Italia \|language=it-IT}}</ref>
	In January 2023, the company's Threat Intelligence team uncovered a newly identified ] actor "Dark Pink"<ref>{{Cite news \|date=2023-01-11 \|title=Suspected State Hackers Stole Military Data From Asian Countries \|url=https://www.bloomberg.com/news/articles/2023-01-11/suspected-state-hackers-stole-military-data-from-asian-countries?embedded-checkout=true \|access-date=2024-09-20 \|work=Bloomberg.com \|language=en}}</ref>. Dark Pink, suspected to be linked to an Asian government, breached seven high-profile targets in Southeast Asia and Europe, including government and military agencies, according to Group-IB. On May 31, 2023, Dark Pink broadened its targets to government agencies in countries including Indonesia and Thailand, carrying out cyber-espionage as recently as April 2023, Group-IB said<ref>{{Cite news \|date=2023-05-31 \|title=Suspected State-Backed Hackers Hit More Nations as Threat Grows \|url=https://www.bloomberg.com/news/articles/2023-05-31/suspected-state-backed-hackers-dark-pink-hit-more-governments?embedded-checkout=true \|access-date=2024-09-20 \|work=Bloomberg.com \|language=en}}</ref>.

	In ~~August~~ ~~2023~~, ~~Group-IB~~ ~~discovered~~ the ], ~~which~~ ~~affected~~ ~~the~~ ~~processing~~ of ~~the~~ ] ~~file~~ ~~format~~ by ]<ref>{{Cite web \|last=~~Page~~ \|first=~~Carly~~ \|date=~~2023~~-08-23 \|title=~~Hackers~~ ~~exploit~~ ~~WinRAR~~ ~~zero-day bug to~~ ~~steal~~ ~~funds~~ ~~from~~ ~~broker~~ ~~accounts~~ \|url=https://~~techcrunch~~.com/~~2023/08/23/winrar~~-~~zero~~-~~day~~-~~funds~~-~~brokers~~/ \|access-date=2024-09-20 \|website=~~TechCrunch~~ \|language=en-US}}</ref>~~. Group-IB said hackers have been exploiting this vulnerability since April 2023 to spread malicious ZIP archives on trading forums~~<ref>{{Cite web \|~~title~~=~~Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts~~ \|~~url~~=~~https://www.darkreading.com/cyberattacks-data-breaches/threat-actor-exploits-zero-day-in-winrar-to-target-crypto-accounts~~ \|~~access-~~date=~~2024~~-09-20 \|~~website~~=~~www.darkreading.com \|language=en}}</ref>. ]~~-~~2023-38831~~ ~~was~~ ~~assigned~~ a ~~severity~~ ~~score~~ of ~~7.8<ref>{{Cite~~ ~~web~~ ~~\|title=CVE~~ ~~Website~~ \|url=https://~~www~~.~~cve.org~~/~~CVERecord?id=CVE~~-~~2023~~-~~38831~~ \|access-date=2024-09-20 \|website=~~www.cve.org~~}}</ref>.		* In 2022, the firm worked with the ] in an operation to apprehend alleged members of a phishing group named ''Fraud Family''.<ref>{{Cite web \|last=Starks \|first=Tim \|date=2021-07-23 \|title=Dutch police bust alleged 'Fraud Family' phishing service members \|url=https://cyberscoop.com/dutch-police-fraud-family-group-ib-phishing-fraud-as-a-service/ \|access-date=2024-03-10 \|website=CyberScoop \|language=en-US}}</ref><ref>{{Cite web \|last=Paganini \|first=Pierluigi \|date=2021-07-22 \|title=Group-IB helps Dutch police identify members of phishing developer gang Fraud Family \|url=https://securityaffairs.com/120428/cyber-crime/fraud-family-members-identified.html \|access-date=2024-03-10 \|website=Security Affairs \|language=en-US}}</ref>

	== References ==		== References ==

Revision as of 19:09, 25 September 2024

Group-IB
Company type	Private
Industry	Cybersecurity
Founded	2003
Headquarters	Singapore
Number of locations	Singapore, Netherlands, United Arab Emirates, Thailand, Vietnam, Malaysia, Uzbekistan.
Area served	Worldwide
Key people	Dmitry Volkov (CEO)
Services	Brand Protection, Threat Intelligence, Behavioral biometrics in combination with cybersecurity, Information Security
Number of employees	250+
Website	Official Website

Group-IB (established in 2003) is a cybersecurity company headquartered in Singapore.

History

Group-IB was founded in 2003 by Ilya Sachkov and Dmitry Volkov in Russia. Six years later the firm moved to Singapore. In July 2020, it received funding from the Cyber Security Agency of Singapore by venture capital firm TNB Ventures.

In September 2021, its co-founder and then CEO, Ilya Sachkov was detained by Russian authorities for treason and was later jailed for 14 years. Consequently it was announced to split Russian and international business and finalized the split and sold the business in April 2023 handing over its interests to local management in Russia.

Group-IB signed a MoU with AFRIPOL to strengthen cybersecurity capabilities in 2024 and extended their strategic partnership with Interpol at INTERPOL Global Complex for Innovation in Singapore.

Investigations with law enforcement agencies

It cooperated with Guardia di Finanza (GdF) as part of the operation No-vax free in 2021, the Italian police for financial crimes, in identifying the criminals trading in fake green passes of COVID-19 vaccines.

In 2022, the firm worked with the Dutch police in an operation to apprehend alleged members of a phishing group named Fraud Family.

References

"Russian cyber titan Group-IB makes Singapore home". Channel Asia. Retrieved 2024-03-10.
"Group-IB Receives Funding from CSA". AiThority. 2020-07-30. Retrieved 2024-03-10.
"Russia detains cyber-security tycoon Ilya Sachkov in treason case". 2021-09-29. Retrieved 2024-03-10.
"Russian cybersecurity chief jailed for 14 years for treason". Al Jazeera. Retrieved 2024-03-10.
"Cyber firm Group-IB to split Russian, international businesses". Reuters. July 6, 2022.
Marrow, Alexander (April 20, 2023). "Cyber firm Group-IB finalizes Russia split to spur global ambitions". Reuters.
"INTERPOL and Group-IB extend strategic partnership to combat cybercrime worldwide - Defence & Security Middle East". Defence & Security Middle East. 2024-02-23. Retrieved 2024-03-28.
"Cooperation AFRIPOL-GROUP IB to enhance cybersecurity across Africa - The AFRICAN Union Mechanism for Police Cooperation". 2024-02-20. Retrieved 2024-03-28.
"AFRIPOL signs MoU with Group-IB to focus on cybersecurity - Edge Middle East". Edge Middle East. 2024-02-21. Retrieved 2024-03-28.
Redazione (2023-04-20). "Group-IB lascia il mercato russo e continua lotta a cyber crime". CyberSecurity Italia (in Italian). Retrieved 2024-03-10.
Starks, Tim (2021-07-23). "Dutch police bust alleged 'Fraud Family' phishing service members". CyberScoop. Retrieved 2024-03-10.
Paganini, Pierluigi (2021-07-22). "Group-IB helps Dutch police identify members of phishing developer gang Fraud Family". Security Affairs. Retrieved 2024-03-10.

Categories: