Kse Proso (@kseproso)'s Twitter Profile
Kse Proso

@kseproso

#APT groups analyst
#ThreatIntel researcher
@GroupIB @GroupIB_TI
Opinions are my own.

ID: 3143555019

Joined: 07-04-2015 11:57:17

256 Tweets

1.1K Followers

92 Following

Kse Proso (@kseproso):

Sometimes I think that hurray, I finally have time to research one thing, but then a bunch of events arrive at once and I no longer know what to grab onto and when it will all end. Tell me I'm not the only one?😅 #ResearcherLife

Kse Proso (@kseproso):

#Krasue, a Linux #RAT, has been active since 2021. Group-IB confirms it's hit #Thai telecom companies. This malware includes #rootkits for different Linux kernel versions, hiding its activities using various tactics, including disguised 'alive pings' via RTSP.

Kse Proso (@kseproso):

#GambleForce, a new threat actor, emerged in Sep 2023 targeting 24 sites including government, gambling, retail, travel, and job-seeking platforms across Asia-Pacific. They utilize open-source pentesting tools like #sqlmap and #CobaltStrike, mostly operating in Chinese.

Kse Proso (@kseproso):

Not all resumes are so innocent. By looking through a resume, you can fall into the trap of hackers who can take more than you wanted to offer. Stay tuned for our blog about the unknown #hackers #ResumeLooters and what applying for a job can lead to. #APAC #ThreatIntelligence

Kse Proso (@kseproso):

Group-IB flags #ResumeLooters hacking spree in APAC since early '23, using #SQL injections & #XSS to pilfer data from 65 sites, affecting users across India, Taiwan, Thailand, and Vietnam. Attacker accounts & data sale ads spotted in Chinese #hacking groups on Telegram.

Group-IB Threat Intelligence (@groupib_ti):

The #GoldDigger family grows: Group-IB's TI Unit finds GoldPickaxe.iOS, the first #iOS #Trojan harvesting #FacialRecognition data for unauthorized bank access, targeting #APAC. It is linked to the GoldDigger family discovered last October. Learn more: bit.ly/3UHDaAq

Kse Proso (@kseproso):

Often high-profile news about new leaks doesn't bring any reinforcement. You need to approach it with some criticality and check what they have written. Unfortunately, news agencies often don't check data, but that's what we are there for: to filter it out and leave only what is important.

Kse Proso (@kseproso):

Rising #Trojan Activity in #APAC: Keep an eye out for #GoldFactory and #Gigabud! These mobile Trojans are increasingly active in the region, posing a significant threat to mobile security.

Kse Proso (@kseproso):

Group-IB TI uncovered a landing page used for distribution of the BMANAGER modular #trojan, created by threat actor #Boolka. This page was a test run for a malware delivery platform based on the #BeEF framework. The analysis reveals the complexity of the #malware ecosystem.👇

Kse Proso (@kseproso):

We continue to see the activity of Gigabud, which, without slowing down, already has 70+ commands. #Gigabud mimics legitimate apps, including government and financial institution apps, and abuses screen capturing and #keylogger techniques to #access credentials and more.

Kse Proso (@kseproso):

#Lazarus is using "FCCCall" to mimic legit video conferencing as part of attack chains. A new Python script suite and expanded outreach beyond LinkedIn and Telegram have been identified. Tools #BeaverTail and #InvisibleFerret are in active dev with updates from July-Aug 2024.

Kse Proso (@kseproso):

Group-IB has identified a novel technique not yet included in the #MITRE ATT&CK framework: Code Smuggling using Extended Attributes. We've discovered a new #macOS #trojan, #RustyAttr, developed using Tauri and originally signed with a leaked certificate (later revoked). #Lazarus
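The technique named in the post above keeps code in a file's extended attributes (xattrs) rather than in the file's main data, which is where most content inspection looks. The hunting check below is an added example written for this page; it is not Group-IB's code and is not derived from RustyAttr. It walks a set of paths, reads each xattr, and flags values that look like scripts (shebang or shell/AppleScript keywords), contain a long base64 run, or are unusually large. The marker list, the 64-character and 1024-byte thresholds, the sample paths, the attribute name `user.payload` and the sample values are all constructed assumptions, not published indicators. CPython exposes `os.listxattr` and `os.getxattr` on Linux only, so on macOS you would plug in a reader that wraps the `xattr` command-line tool; the reader is a parameter for that reason.

```python
"""Hunt for script-like content hidden in extended attributes (xattrs).

Added example, not Group-IB's or RustyAttr's code. Flags xattr values that
look like scripts or large opaque blobs. Marker list and thresholds are
assumptions to tune for your fleet, not published indicators.
"""
import os
import re
from typing import Callable, Dict, Iterable, List, Tuple

# Assumed heuristics (not published IOCs): substrings common in shell/AppleScript loaders.
SCRIPT_MARKERS = (b"#!/", b"osascript", b"/bin/sh", b"/bin/bash", b"curl ", b"python3", b"eval(")
# 64+ base64 characters in a row: an encoded payload rather than a short metadata value.
BASE64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")
# Assumed size threshold: quarantine and Finder metadata are usually far smaller.
LARGE_VALUE = 1024

# xattr names macOS writes routinely. Listed only to annotate findings, never to
# suppress them, since an attacker can reuse a familiar name for a payload.
KNOWN_MACOS_NAMES = {
    "com.apple.quarantine",
    "com.apple.FinderInfo",
    "com.apple.metadata:kMDItemWhereFroms",
}

Reader = Callable[[str], Iterable[Tuple[str, bytes]]]


def suspicious_reasons(value: bytes) -> List[str]:
    """Return the heuristics an xattr value trips; an empty list means nothing notable."""
    reasons = []
    if any(marker in value for marker in SCRIPT_MARKERS):
        reasons.append("script-like content")
    if BASE64_RUN.search(value):
        reasons.append("long base64 run")
    if len(value) >= LARGE_VALUE:
        reasons.append(f"large value ({len(value)} bytes)")
    return reasons


def os_reader(path: str) -> Iterable[Tuple[str, bytes]]:
    """Read xattrs via the os module. CPython provides these calls on Linux only;
    on macOS supply a reader that wraps the xattr command-line tool instead."""
    if not hasattr(os, "listxattr"):
        raise NotImplementedError("os.listxattr unavailable on this platform")
    for name in os.listxattr(path):
        yield name, os.getxattr(path, name)


def dict_reader(table: Dict[str, Dict[str, bytes]]) -> Reader:
    """Reader over an in-memory table, used here for constructed sample data."""
    return lambda path: table.get(path, {}).items()


def scan_paths(paths: Iterable[str], reader: Reader = os_reader) -> List[dict]:
    """Scan each path's xattrs and return one finding per suspicious attribute."""
    findings = []
    for path in paths:
        try:
            entries = list(reader(path))
        except (OSError, NotImplementedError):
            continue  # unreadable path or unsupported platform: skip, do not abort the sweep
        for name, value in entries:
            reasons = suspicious_reasons(value)
            if reasons:
                findings.append({
                    "path": path,
                    "attr": name,
                    "familiar_name": name in KNOWN_MACOS_NAMES,
                    "reasons": reasons,
                })
    return findings


# Constructed sample data (not from any real incident): a benign quarantine tag,
# an attribute carrying a small shell loader, and a Finder metadata blob.
SAMPLE_XATTRS = {
    "/Applications/Example.app/Contents/MacOS/Example": {
        "com.apple.quarantine": b"0083;65a1b2c3;Safari;",
        "user.payload": b"#!/bin/sh\nosascript -e 'do shell script \"id\"'\n",
    },
    "/Users/me/Documents/notes.txt": {
        "com.apple.FinderInfo": b"\x00" * 32,
    },
}

if __name__ == "__main__":
    for finding in scan_paths(SAMPLE_XATTRS, reader=dict_reader(SAMPLE_XATTRS)):
        print(finding)
```

Run against the constructed table, only `user.payload` on the app binary is reported, with reason "script-like content"; the quarantine tag and Finder metadata pass. On a live Linux host call `scan_paths(paths)` with the default reader; on macOS pass a reader built on `xattr -l`. Treat the output as triage leads, not verdicts: benign software also stores blobs in xattrs, so the point is to surface attributes worth opening.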

Kse Proso (@kseproso):

#Lynx #RaaS: A Ruthless Cybercrime Machine 💀 All-in-One Panel – Manage victims, #ransomware builds & leaks 🖥️ Cross-Platform – Windows, Linux, ESXi 💰 Double Extortion – 80% payout + leak site for max pressure 🔐 Custom Encryption – Speed vs. depth, affiliates choose ...more👇

Group-IB Global (@groupib):

Can one email put billions of weekly downloads at risk?

Yes, it can. That’s how one of the most significant NPM #supplychain incidents to date began. A single #Phishing message disguised as an #NPM security update gave attackers access to a trusted developer account and spread

Kse Proso (@kseproso):

My colleagues from Group-IB Threat Intelligence (@GroupIB_TI) and Group-IB DFIR (@GroupIB_DFIR) and I uncover how #UNC2891 is blending stealthy malware, physical infiltration, and money #mule ops to pull off high-impact bank attacks in Southeast Asia.

📌 Key findings:
• Undetected access since 2017
• Rootkits, log

Group-IB Global (@groupib):

🎉 Our High-Tech Crime Trends 2026 Report is here!

Supply chain attacks have become the dominant force reshaping the global cyber threat landscape.

Group-IB's High-Tech Crime Trends Report 2026 reveals a decisive shift in cybercrime away from isolated intrusions toward

Kse Proso (@kseproso):

Are your remote developers who they say they are? We uncovered a massive network of DPRK IT workers infiltrating companies using synthetic identities, AI-generated interview scripts, and “persona packages”. Key highlights: 🔹A coordinated ecosystem of fake developer personas