GroupIB_DFIR (@groupib_dfir)'s Twitter Profile
GroupIB_DFIR

@groupib_dfir

@GroupIB's #DFIR team. First-hand insights from battle-tested incident responders

ID: 1714952048532131840

19-10-2023 10:30:47

120 Tweets

420 Followers

49 Following

Group-IB Global (@groupib)

#FraudMule operators in the #META region have shifted tactics rapidly. Group-IB analysis of 200M+ mobile sessions outlines six evolutionary stages, from VPN obfuscation to physical device muling, and the countermeasures that neutralized each step. #Cybersecurity

Group-IB Global (@groupib)

Group-IB is proud to have supported INTERPOL's #OperationSerengeti 2.0, a large-scale multinational crackdown on cybercrime conducted between June and August 2025. Investigators from 18 #African countries and the #UnitedKingdom took part in the operation, which led to the

Group-IB Threat Intelligence (@groupib_ti)

Since 2023, #ShadowSilk has targeted government entities across Central Asia & #APAC. Our investigation uncovered direct infrastructure & toolset overlaps with the known group #YoroTrooper, linking these campaigns to a broader, ongoing operation focused on data exfiltration. #APT

Group-IB Global (@groupib)

From live #deepfakes to scam call centers powered by synthetic voices, #AI is no longer hype—it’s already embedded in cybercrime workflows. According to a report by Resemble AI, in just Q2 2025, deepfake fraud alone caused $350M in damages. Threat actors are scaling

Group-IB Global (@groupib)

Between July 24 and August 7, 2025, we observed a 241% surge in #Hacktivist attacks, with 139 incidents linked to 19 distinct groups (11 pro-Cambodian, 8 pro-Thai). The conflict saw a clear division in targeting: Cambodian groups focused on Thai government, education, and

Group-IB Global (@groupib)

Group-IB provided critical investigative intelligence supporting INTERPOL’s #OperationContender 3.0, a successful multinational cybercrime takedown across Africa. The operation resulted in law enforcement agencies across 14 countries arresting 260 suspects and the seizure of

Group-IB Global (@groupib)

Can you trust the voice on the other end? #Cybercriminals are leveraging accessible #AI voice cloning platforms, needing only seconds of public audio, combined with telecom SS7/PSTN vulnerabilities for caller ID spoofing to execute highly convincing Vishing attacks. Explore

Group-IB Threat Intelligence (@groupib_ti)

Group-IB Threat Intelligence uncovered a global espionage operation by #MuddyWater (TA450). MuddyWater targeted international organizations and more than 100 governments worldwide to gather foreign intelligence using the Phoenix v4 malware #phishingawareness

Group-IB Global (@groupib)

🎯 Cybercriminals don’t need to hack your system. They just need to hack your trust.

From fake job offers to “verified account” messages, social media has become a playground for scammers who prey on emotion, urgency, and curiosity.

Understanding how these tactics work is the
Group-IB Global (@groupib)

#InvestmentScam platforms are run by sophisticated multi-actor networks, not lone operators. Our analysis breaks down the roles of Masterminds, Target Intelligence, Backend Operators, and Payment Handlers that enable these fraud campaigns. Discover how these ecosystems operate

Group-IB Global (@groupib)

🚨 #LockBit has unveiled LockBit 5.0, timed with the 6th anniversary of its affiliate program in a bid to regain market share. Early reporting suggests a modular architecture, faster multi-threaded encryption, enhanced EDR bypass techniques, and updated affiliate incentives.

Group-IB Global (@groupib)

Adversaries can bind-mount a manipulated workspace over /proc/<pid> to rewrite what tools like ps/top show, renaming #malicious processes into benign tokens and sabotaging initial triage. We reproduce this technique end-to-end in our lab walkthrough. #CyberSecurity

GroupIB_DFIR (@groupib_dfir)

Attackers are abusing /proc to spoof process names and start times, making ps & top lie. Our latest investigation shows the technique end to end, with detection and mitigations. Read more: link.group-ib.com/4nAh51r #CyberSecurity #Linux

Group-IB Global (@groupib)

A coordinated scam campaign is spreading across several regions, including Latin America, using fake news pages and #deepfakes to promote alleged investment platforms. Goal? to steal personal and payment data by exploiting politically sensitive periods, such as pre- and

Group-IB Global (@groupib)

🚨Bloody Wolf Expands Across Central Asia 🚨

Since June 2025, Group-IB analysts have been tracking a rapidly evolving campaign by #BloodyWolf, an #APTGroup weaponizing trusted government identities to deliver lightweight but highly effective JAR-based loaders.

By impersonating
Group-IB Global (@groupib)

🚨 Tracking the Rise of Chinese Tap-to-Pay Android Malware

Tap-to-pay fraud is no longer limited to stolen cards or physical proximity. Threat actors are now abusing NFC-enabled #Androidmalware to relay #paymentdata in real time, enabling remote, contactless fraud at scale. Our
Group-IB Global (@groupib)

Threat actors behind #GTFire are systematically abusing Google's trusted infrastructure to evade detection at scale. By chaining Google Firebase hosting with Google Translate's proxy, they create a multi-stage redirect chain that obfuscates final phishing destinations. The
