Group-IB
#APT The state-sponsored hacker group APT41 (aka BARIUM, Winnti, LEAD, WICKED SPIDER, WICKED PANDA, Blackfly, Suckfly), whose goals are cyber espionage and financial gain, has been active since at least 2007. The Group-IB Threat Intelligence team estimates…
#APT #FightAgainstCybercrime
Want to learn more about the notorious APT41 group? Check out our latest blog post, which details how the hackers conducted reconnaissance, gained initial access, ensured persistence and moved across the network, as well as what they were looking for on the compromised devices. In the conclusion section, we give advice on how to identify the group's infrastructure and protect yours. IT directors, heads of cybersecurity teams, SOC analysts and incident response specialists are likely to find this material useful. Read the full post.
If you are interested in what we do and would like to become an expert in the same field, you can take our Digital Forensics, Incident Response, and Threat Intelligence training courses. Let's hunt for threats together and contribute to the fight against cybercrime, a mission worthy of a superhero. Click the link.
#phishing #0ktapus
Group-IB has discovered that the recently disclosed phishing attacks on the employees of Twilio and Cloudflare were part of a massive phishing campaign that resulted in 9,931 thousand accounts of over 130 organizations being compromised.
The campaign was codenamed 0ktapus by Group-IB researchers because it impersonated a popular Identity and Access Management service. The vast majority of the victims are located in the United States and use Okta's Identity and Access Management services.
The Group-IB Threat Intelligence team uncovered and analyzed the attackers' phishing infrastructure, including the phishing domains, the phishing kit, and the Telegram channel controlled by the threat actors to drop compromised information.
#phishing #0ktapus
The primary goal of the threat actors was to obtain Okta identity credentials and two-factor authentication codes from users of the targeted organizations. These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organization.
The Group-IB team found that the threat actor managed to steal 9,931 user credentials, including 3,129 records with emails and 5,441 records with MFA codes.
Out of the 136 victim organizations that Group-IB was able to identify, 114 companies are in the USA. Most companies on the victims' list provide IT, software development, and cloud services.
Want to learn more about the 0ktapus campaign and get a list of the indicators of compromise, more insights into the investigation, and recommendations on how to mitigate such attacks? Check out our latest blog post.
#cybersecurity #AiteNovarica
We are proud to announce that Group-IB has been named the largest and most experienced Incident Response Retainer (IRR) provider in Aite-Novarica's recent Impact Report on IRR market players.
Group-IB's IRR program is based on the company's track record of responding to cyber incidents for 19 years, involving over 1,300 investigations across 60 countries and racking up 70,000 hours of hands-on IR experience. According to the Aite-Novarica report, this experience makes Group-IB an outlier seven times over. Group-IB has over 150 active retainer clients, including the top 30 largest banks and financial services firms globally.
Check out the report to learn more.
#webinar
Imagine a huge wave of phishing emails hits your company. How can you be sure that no one opened the malicious attachments or links? And what would the consequences be if someone did?
Detonation is the answer. Join our webinar "Having doubts? Detonate! Malware detonation use cases", where we will discuss how to prepare a detonation environment, the advantages of detonation, and ways to use it in real practice.
Save the date: September 13 at 11 AM (GMT+1) / 2 PM (GMT+4)
Register
#phishing #Steam #CERT
Fraudsters have been creating hundreds of phishing resources mimicking the Steam online gaming platform, but most of these websites looked half-baked and users easily spotted the fakes.
A new threat emerged out of nowhere, and its name was browser-in-the-browser. Using the browser-in-the-browser phishing technique, hackers render a fake browser window on a phishing resource which, at first glance, is indistinguishable from an authentic one. Threat actors decided to take advantage of the fact that Steam uses a pop-up window for user authentication instead of a new tab.
Since the browser-in-the-browser technique poses a significant risk to users, Group-IB CERT-GIB specialists decided to analyze it in detail using the example of a phishing kit hosted on a resource that mimics Steam. Check out our new blog post.
#cybersecurity #bootcamp
Group-IB took part in Security Bootcamp 2022 in Vietnam! For the 10th time, the event brought together numerous cybersecurity experts from across the country. Nam Le, Incident Response and Digital Forensics Analyst, and Anh Le, Business Development Manager, attended the bootcamp and gladly shared Group-IB's expertise. Le Phuong Nam presented a forensic case in his talk "A money heist".
Thanks for such an amazing event! Sharing the latest knowledge and skills helps the cybersecurity community fight cybercrime.
#scam #crypto
Crypto giveaway scams continue to soar: Group-IB has noted a fivefold increase in the number of domains used for crypto giveaway scams involving fake YouTube streams in the first half of 2022. In addition to Vitalik Buterin, Elon Musk, and other crypto celebrities, scammers have started exploiting the name of Nayib Bukele, the president of El Salvador.
Since Group-IB's first report on the scheme, crypto giveaway scams have evolved into an illicit market segment with multiple services that aim to facilitate fraudulent operations. According to Group-IB, 63% of the new fraudulent domain names were registered with Russian registrars, but the fake websites are primarily designed to target English- and Spanish-speaking crypto investors in the US and other countries.
In the first six months of 2022, CERT-GIB identified more than 2,000 domains registered explicitly for use as fake promotion websites.
Want to learn more? Check out our website.
#award #FightAgainstCybercrime
We are proud to announce that Group-IB has been recognized by the Singapore Police Force (SPF) for its commitment and vigilance in detecting and deterring the digital threats facing the country. Group-IB Founder and Chief Executive Officer Dmitry Volkov was presented with an Appreciation Plaque by the Guest of Honor, Deputy Commissioner of Police (Investigation & Intelligence) Mr. How Kwang Hwee, at the 8th Alliance of Public PrivAte Cybercrime sTakeholders (APPACT). Group-IB received the token of appreciation alongside other APPACT members, including META, Google, TikTok, UOB, OCBC, and others.
"We are honored to be part of the SPF-led APPACT CCC, whose work strongly resonates with our long-standing mission of fighting cybercrime. And we will continue to collaborate closely with the Alliance members and SPF to raise awareness of cyber threats and ensure a safer digital environment for Singapore", Dmitry Volkov said.
More details