Group-IB Archives • Information Security News

The Global Takedown: Interpol’s Operation Synergia III Crushes 45,000 Malicious Servers Ransomware Fragmentation Ransomware Crypto hack TP-Link, zero-day Austrian cyberattack Pre-CVE Exploitation Cyber Espionage IntelBroker Arrest

Ransomware Fragmentation Ransomware Crypto hack TP-Link, zero-day Austrian cyberattack Pre-CVE Exploitation Cyber Espionage IntelBroker Arrest

The Global Takedown: Interpol’s Operation Synergia III Crushes 45,000 Malicious Servers

ddos March 17, 2026

An international law enforcement crusade against cybercriminality has yielded monumental results. Constabularies spanning dozens of sovereign nations...

The Taxman’s Shadow: How a $2M Fraud Syndicate Impersonated Indonesia’s Official Coretax Service

ddos February 23, 2026

In Indonesia, a sophisticated fraudulent enterprise has been unmasked, masquerading as the official Coretax fiscal service. Adversaries...

The Blockchain Ghost: DeadLock Ransomware Uses Smart Contracts to Defy Bans screenshot-of-a-system-infected-with-deadlock-ransomware.png

The Blockchain Ghost: DeadLock Ransomware Uses Smart Contracts to Defy Bans

ddos January 16, 2026

The DeadLock syndicate, which emerged within the cyber threat landscape during the summer of 2025, persists as...

The Ghost in the Terminal: How “Ghost Tap” Malware Hijacks Your NFC Card

ddos January 12, 2026

Group-IB researchers have identified a burgeoning proliferation of Android malware within subterranean marketplaces designed to exploit Near...

The Gig Trap: Group-IB Exposes 1,500+ Fake Job Ads Draining MENA Wallets

ddos December 30, 2025

Fraudulent job advertisements promising easy income and remote work continue to flood social media platforms, particularly across...

GoldFactory Malware Injects FriHook/SkyHook into Banking Apps to Exploit 11K SE Asia Users infection-chain-gold-factory

GoldFactory Malware Injects FriHook/SkyHook into Banking Apps to Exploit 11K SE Asia Users

ddos December 5, 2025

The GoldFactory group has launched a new wave of attacks targeting mobile-banking users across Southeast Asia. Disguising...

Bloody Wolf Hackers Impersonate Government Agencies to Deploy NetSupport RAT in Central Asia

ddos November 29, 2025

The “Bloody Wolf” group is expanding its targeted campaign across Central Asia, deploying NetSupport RAT and impersonating...

UNC2891: Raspberry Pi, Custom Rootkit CAKETAP Fuel Sophisticated ATM Fraud Campaign UNC2891 ATM Fraud

UNC2891: Raspberry Pi, Custom Rootkit CAKETAP Fuel Sophisticated ATM Fraud Campaign

ddos November 24, 2025

Specialists from Group-IB have released an in-depth analysis of the long-running UNC2891 campaign, which demonstrates how inventive...

ShadowSilk: The Hybrid Espionage Group Targeting Central Asian Governments

ddos August 29, 2025

The group ShadowSilk has been identified as the orchestrator of a new wave of cyberattacks against government...

Fraudsters Evolve: How Money Mules Are Using Starlink and AI to Launder Funds

ddos August 25, 2025

Over the past two years, the banking sector across the Middle East, Turkey, and Africa has witnessed...

Group-IB Exposes How Hackers Use Linux Bind Mounts (MITRE T1564.013) to Hide ATM Attack

ddos August 2, 2025

Hackers infiltrated a bank’s internal network by installing a Raspberry Pi mini-computer equipped with a 4G modem,...

Signed Drivers Fueling Kernel Attacks: 620+ Malicious Drivers & 80+ Compromised Certs Target Windows Signed Drivers, Kernel Malware

Signed Drivers Fueling Kernel Attacks: 620+ Malicious Drivers & 80+ Compromised Certs Target Windows

ddos July 9, 2025

Malicious actors are increasingly leveraging digitally signed drivers to carry out stealthy attacks on the Windows kernel,...

Group-IB

You may have missed

The War for Your Documents: Why The Document Foundation is Challenging Microsoft’s OOXML Monopoly

Urgent Patch: Microsoft Defender Update Fixes Critical SYSTEM-Level Privilege Escalation Flaw

The Pre-Boot Breach: Microsoft Releases Critical Emergency Script to Defend Against “YellowKey” BitLocker Bypass

The Reddit Clone: Meta Secretly Launches “Forum” App to Unbundle Facebook Groups