#Godfather #Trojan
The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. To date, 215 international banks, 94 cryptocurrency wallets and 110 crypto exchange platforms have fallen victim to this Trojan.
Group-IB's Threat Intelligence team discovered that Godfather is a successor of Anubis, a widely used banking Trojan whose functionalities were limited by Android updates and the prior efforts of malware detection and prevention providers. According to Group-IB's findings, banking applications in the United States, Turkey, Spain, Canada, France, Germany, and the United Kingdom have been the most targeted by Godfather.
In a new blog post, Group-IB's Threat Intelligence team describes in detail who Godfather attacks, how it does it, and what this banking Trojan inherited from its predecessor. Read now
The agreement paves the way for Group-IB to provide its full stack of threat hunting and intelligence solutions to sirar by stc to bolster the cybersecurity options available to companies and organizations in Saudi Arabia. These solutions include Group-IB's Attack Surface Management and Digital Risk Protection. sirar by stc will be able to offer Group-IB's solutions as a managed service to their customers, to ensure that they have better visibility on their attack surface.
More details
#partnership
Group-IB has analyzed an ongoing advanced persistent threat campaign that we believe, with moderate confidence, was launched by a new threat actor. This new APT group, codenamed Dark Pink by Group-IB researchers, is notable due to their specific focus on attacking branches of the military, and government ministries and agencies.
Group-IB discovered that, as of December 2022, Dark Pink APT breached the security defenses of six organizations in five APAC countries (Cambodia, Indonesia, Malaysia, Philippines, and Vietnam), and one organization in Europe (Bosnia and Herzegovina).
Group-IB, in line with its zero-tolerance policy to cybercrime, has issued proactive notifications to all potential and confirmed targets of Dark Pink. Read our fresh blog post to get the details about the new threat actor
#APT #DarkPink
Group-IB presents the 11th edition of its annual report Hi-Tech Crime Trends 2022/2023, a comprehensive threat report that analyzes various aspects of the cybercriminal world, examines attacks, and shares predictions for what lies ahead.
What will you find in the report?
• Analysis of current trends in cyber space
• Forecasts for 2023
• Detailed analysis of the global threat landscape
• Security recommendations
Who is this report intended for?
The Hi-Tech Crime Trends 2022/2023 report is a practical guide for building effective cybersecurity strategies. It is intended for IT directors, heads of cybersecurity teams, technical specialists, including CISOs, SOC and DFIR teams, researchers and malware analysts, as well as threat hunting experts.
Want some spoilers?
• Ransomware is the number one threat across all industries. Surprised? It's unlikely to change soon.
• Initial Access Brokers (IABs) make the attacks of ransomware gangs and other threat actors more affordable.
• The number of databases leaked worldwide has doubled and continues to grow.
• Information stealers and clouds of logs: a simple but serious threat.
Where can you get the full report?
The Hi-Tech Crime Trends 2022/2023 report is already available for downloading. Click here
#HiTechCrimeTrends #report
Let's dive a little bit deeper into the ransomware threat. According to the latest edition of Group-IB's annual Hi-Tech Crime Trends report, ransomware will remain the top threat for organizations and businesses in 2023.
Here are some highlights:
• Across the globe, 2,886 companies had their information, files, and data published on ransomware DLS between H2 2021 and H1 2022.
• The top five most affected countries were the United States, Germany, United Kingdom, Canada, and Italy.
• The largest number of ransomware-related data leak victims were found in the following sectors: manufacturing, real estate, professional services, and transportation industries.
• The most active ransomware groups in H2 2021 – H1 2022 were Lockbit, Conti, and Hive.
Want to learn more about Group-IB's findings on ransomware and other cyberthreats? Download our newest report Hi-Tech Crime Trends 2022/2023
#HiTechCrimeTrends #report #ransomware
Make sure to download the full report
#HiTechCrimeTrends #report
Sharing is caring, and sharing data with the cybersec community is one of our contributions to the global fight against cybercrime. The Group-IB Threat Intelligence team now has its own Twitter account: make sure to follow for the latest research, analytics, IOCs and threat alerts: https://twitter.com/GroupIB_TI
#ThreatIntelligence
In the summer of 2022, the Group-IB Managed Extended Detection and Response (MXDR) solution successfully detected and blocked an email carrying a malicious attachment. This email was intended for Group-IB's employees.
While analyzing this attack, the Group-IB Threat Intelligence team found patterns in the actions of the attackers and attributed the observed TTPs to the Tonto Team (aka HeartBeat, Karma Panda, CactusPete, Bronze Huntley, Earth Akhlut). What else did we find out about the threat actor?
▪ The attackers used phishing emails to deliver malicious Microsoft Office documents created with the Royal Road Weaponizer, a tool widely used by Chinese nation-state threat actors.
▪ During the attack, Group-IB researchers noticed the use of the Bisonal.DoubleT backdoor. Bisonal.DoubleT is a unique tool developed by the Tonto Team APT.
▪ The attackers used a new downloader that Group-IB analysts named TontoTeam.Downloader (aka QuickMute).
Check out our fresh blog where we provide indicators of compromise associated with the Tonto Team campaign and detailed analysis of the tools, techniques, and procedures (TTPs) of the threat actor. This information is useful for organizations fighting cybercrime and information security professionals (chief information officers, SOC analysts, and incident responders) in other sectors targeted by the Tonto Team. Read
#APT #TontoTeam