Group-IB Logo


Group-IB is a leading provider of cyber security solutions covering detection and prevention of cyberattacks, online fraud, and IP protection. Group-IB Threat Intelligence and Attribution system was named one of the best in class by Gartner, Forrester, and IDC.

Group-IB’s technological leadership is built on the company’s 18 years of experience in cybercrime investigations worldwide and 70,000 hours of incident response accumulated in our leading forensic laboratory and 24/7 CERT-GIB.

Group-IB actively collaborates with international partners such as INTERPOL and Europol in the fight against cybercrime, and is an industry-leading cybersecurity solutions provider.

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence, in-depth attack analysis, and effective incident response.

Group-IB is a member and partner of leading organizations aimed at developing and connecting security information sharing communities. 

We have zero-tolerance for cybercriminals. We are not just engineers, analysts, forensic experts - we are united in front of a common enemy. We actively cooperate with international law enforcement. Group-IB is a partner and active collaborator in global investigations by INTERPOL and Europol. “Group-IB for law enforcement agencies: No matter the case and no matter the complexity: We are committed to fighting cybercrime together”. Recently, Group-IB shared Bad Rabbit ransomware information with INTERPOL, joined “Carding Action 2020” to support Europol-backed operations that saved €40 million, and participated in “Operation Falcon” to help INTERPOL identify Nigerian BEC ring members. Join the fight!

Group-IB experts hold numerous industry-recognized certifications, including OSCP, OSWE, CEH, GCFA, PCI QSA, and others

Group-IB has a synergetic team of highly qualified professionals who specialize in malware analysis, threat hunting, incident response, e-Discovery, penetration testing, and other fields.

Our experts are members of professional advisory councils and speakers at leading information security events worldwide.

Group-IB's technological ecosystem is designed to perform external and internal threat hunting, map adversaries, attribute threats, detect and prevent fraud, and mitigate digital risks.

The proprietary solutions are enriched by our unique 18-years expertise in conducting incident response engagements and high-tech crime investigations worldwide.

We have operations in over 60 countries, including Singapore, the Netherlands, UAE, Vietnam, Argentina, Australia, Turkey, Brazil, Canada, Lebanon, the UK, the US, and others.

Clients include the Top-30 largest banks and financial organizations in the world, oil and gas companies, software and hardware vendors, telecom service providers, and FMCG brands.

Threat Intelligence and Attribution

Group-IB’s one-of-a-kind research is powered by Threat Intelligence and Attribution, industry-leading CTI that is free to download.

Аctionable, finished intelligence to track actors and prevent attacks before they happen.

Group-IB is a global leader in high-fidelity Threat Hunting and Intelligence, best-in-class fraud prevention solutions, and high-profile cyber investigations.

Group-IB is a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating and preventing hi-tech cybercrimes. Group-IB’s flagship products have been named one of the best in class by Gartner, Forrester, IDC, Frost and Sullivan, and KuppingerCole Analysts AG.

Group-IB’s experience, and threat hunting and intelligence have been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyber threats.

Threat Hunting Framework - Comprehensive solution to protect corporate networks, hunt for threats, and respond to even the most complex cyber attacks.

Threat Research populates Group-IB’s cyber threat knowledge base, where you will get deep dives on previously unknown APTs, insights into the most recent cybersecurity trends and technologies, and predictions and recommendations that can help shape your security strategy. Our reports serve to help organizations around the world better protect themselves from the constantly evolving threat landscape.

Fraud Hunting Platform - Client-side digital identity protection and fraud prevention in real time.

Digital Risk Protection - AI-driven online platform for external digital risk identification and mitigation.

We monitor high-tech crime trends such as:

Cybersecurity Intelligence Reports

RedCurl: The Awakening

Commercial cyber espionage remains a rare and largely unique phenomenon. We cannot rule out, however, that RedCurl’s success could lead to a new trend in the cybercrime arena.

Ransomware Uncovered

The complete guide to the latest tactics, techniques, and procedures (TTPs) of ransomware operators based on MITRE ATT&CK®.

Hi-Tech Crime Trends

Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively. Source of strategic data on the global cyber threat landscape and forecasts for its development. Strategic intelligence data on state-sponsored groups, industry-specific cyberthreats, targeted attacks on banks and banking clients.

UltraRank: the unexpected twist of a JS-sniffer triple threat

New stage in JS-sniffers research. From analyzing malware families to identifying threat actors. For five years, the cybercriminal group UltraRank has conducted campaigns using JS-sniffers and managed to stay unnoticed for the most part.

RedCurl: The pentest you didn’t know about

Research of the new espionage APT-group RedCurl and its elaborate attacks on enterprise companies in North America, Europe and CIS.

Online Piracy Research

Jolly Roger’s patrons Group-IB exposes financial crime network of online pirates in developing countries.

Cyber Security, GROUP-IB, Online Piracy Research

Fxmsp: “The invisible god of networks”

The evolution of Fxmsp — one of the most notorious and prolific sellers of access to corporate networks on underground forums. Group-IB researchers analyzed Fxmsp’s activity on underground forums for three years and discovered that the threat actor had compromised networks of more than 130 targets.

Attacks by Silence

A comprehensive technical analysis of Silence’s tools, tactics, and evolution. This is the first time Group‑IB’s reports of this kind have been made publicly available.

Crime without punishment: in-depth analysis of JS-sniffers

In-depth analysis and new types of a growing threat — JS‑sniffers — designed to steal payment data.

Cryptocurrency Exchanges

Estimation of the number of login and passwords leaks of cryptoсurrency exchanges users and analysis their nature. Recommendations for ensuring security of users and exchanges.

Cobalt: their evolution and joint operations

Learn about Cobalt’s development and modification of tools and tactics which were used to steal approximately 1 billion dollars from over 100 banks in 40 different countries.

Lazarus Arisen: Architecture, Tools and Attribution

Lazarus group targets the largest international banks as well as central banks in various countries.


This hacker group is noticeable for years of silent operations and multiple attacks. They still pose a threat: learn about MoneyTaker techniques and indicators of compromise now.


From August 2015 to February 2016 Buhtrap managed to conduct 13 successful attacks against Russian banks for a total amount of 1.8 billion rubles ($25 mln).

Analysis of attacks against trading and bank card system

Group-IB annual report on speculative fluctuations of exchange rate and other incidents caused by the Trojan program Corkow (Metel).

Anunak: APT against financial institutions

This research includes the findings of Group-IB and Fox‑IT on Anunak (Carbanak) group, which focused its activity on banks and electronic payment systems.

Global Cyberthreat Landscape

Free Group-IB research on attackers' tactics, techniques, procedures, and indicators of compromise

Sources of Threats










Cyber Security, GROUP-IB, Sources of Threats

Group-IB Threat Intelligence and Attribution

Optimize strategic, operational and tactical decision making with best-in-class threat intelligence.

The first line of defense should not be your infrastructure. Gain unparalleled insight into adversaries targeting your organization, partners, or clients with high-fidelity threat intelligence from Group-IB. Prevent, deter and defeat attacks by analyzing and attributing cyberattacks, hunting for threats, and fortifying network infrastructure.

Unparalleled strategic intelligence

Understand threat trends and anticipate attacks with thorough knowledge of your threat landscape. Group-IB provides strategic decision makers with precise, tailored and reliable information enabling leadership teams to become more data driven.

Gain powerful insights with Group-IB’s best-in-class technology to enhance decision making.

Improve risk management and ensure compliance.

Develop a cost effective protection strategy.

Raise stakeholders awareness and encourage proactiveness.

Increase team efficiency.

Vital operational intelligence

Prepare and defend against threats with detailed insight into attacker behaviours and infrastructure. Group-IB provides the most comprehensive insight into past, present and future attacks targeting your business, industry, partners and clients.

Improve operational efficiency with high fidelity threat intelligence.

Streamline threat hunting and response.

Improve alert triage and incident analysis by tracking adversaries.

Prepare defenses by testing resilience with knowledge of relevant threats.

Prioritize patching and improve vulnerability management.

Exceptional tactical intelligence.

Prioritise threat detection and hunting activities by augmenting internal alerts and event notifications with external threat information. Group-IB provides unique insight into the tools, tactics and processes used by adversaries giving your teams the best possible insight into attacks.

Integrate into existing security tools and workflows to improve performance

Prevent breaches and attacks development.

Enrich indicators of compromise with unique intelligence.

Identify optimal counter measures and streamline incident response.

Improve fraud detection and prevention.

Managed investigations

Group-IB offers more than the most innovative threat intelligence infrastructure. Our dedicated team of analysts and investigators work with customers, partners and law enforcement to understand threats better than anyone else. This enables us to augment the data we provide with indispensable insights and provide managed investigation services that can’t be found elsewhere.

Incident response service

Group-IB goes beyond other threat intelligence services with managed detection and incident response. Our dedicated team of highly experienced responders can support you at any moment to open communications with cybercriminals, attribute attacks and coordinate law enforcement.

Customized intelligence

Threat landscapes are mapped based on each organization’s industry, size and unique needs.

Attack attribution

Insights are enriched with attributes about attack initiators, their motives and tools.

The leading threat intelligence solution

Consistently recognised as a leader in the cyber security field Group-IB has been innovating and improving our threat intelligence infrastructure for over a decade. Correlate events and indicators of compromise to empower your threat hunting and attribution with Graph analysis. Group-IB has built the industry's largest darkweb database into the comprehensive platform, allowing teams to analyze the profiles of attackers and understand their motives.

We have patents and applications worldwide for our unique software!

35,000+ detections of compromised credentials with malware and phishing per day.

11,000+ detections of compromised credit card numbers daily.

15 tailored categories of personal Intelligence requirements.

Highly-skilled security analysts

Group-IB teams work in over a dozen languages in local threat research centers around the world to provide contextual and actionable intelligence based on your organization’s needs allowing you to better prepare and prevent attacks. If an attack does occur, Group-IB’s inhouse Digital Forensics and Incident Response (DFIR), Computer Emergency Response Team (CERT), and Investigations teams are available to provide support at any moment through the entire threat detection, response and investigation cycle.

More about our team:

Comprehensive and unique data sources

Relying on open source threat intelligence can leave your organization exposed. Group-IB employs sophisticated technologies to extract, collect, process, and analyze intelligence data from a wide range of sources. Exclusive data comes from investigations that have been conducted over the last 18 years by Group-IB’s analysts. The team is on hand to respond to requests for additional detail on threats and bad actors.

Human intelligence

Undercover agents in underground forums on the dark web, DFIR services and joint operations with international law enforcement, and experienced reverse engineers and malware analysts.

Cyber Security, GROUP-IB, Human Intelligence

Unmatched Threat Attribution

Attacks don’t come from nowhere. Group-IB traces threats and maps attacker infrastructure with unparalleled precision to attribute attacks and discover who is behind them, the techniques they use, and how they identify targets. This knowledge enables effective preparation, detection and response to attacks. Group-IB’s extensive infrastructure allows unique information about attackers’ communications, their tools and e-wallet details to be gathered.

Unrivaled experience

Financial benefits and ROI

An independent Forrester evaluation determined how Group-IB Threat Intelligence and Attribution implementation improves companies’ revenue and savings.

Graphical interface

Connect data, including information from underground forums and Internet snapshots collected over years of monitoring, and analyze it in the Graph interface. The unique dashboard provides analysts with key details at a glance and allows them to easily drill down into the data and conduct research.

Trusted experts are on hand

Expand your in-house security team with Group-IB’s highly trained experts. Our Digital Forensics and Incident Response (DFIR), Computer Emergency Response Team (CERT), and Investigations teams are on hand to support you through the whole threat detection, response and investigation cycle. Independent evaluation by one of the Big Four accounting firms confirmed that Group-IB’s intelligence analysis is both timely and accurate. The assessment also verified that Group-IB internal processes and protocols are compliant with the US Department of Justice principles for ethical intelligence data gathering.

Dedicated teams provide threat intelligence tailored by region and unique with locally obtained data. Having a distributed and scalable team structure spread across the world ensures comprehensive information about global, regional and local threats is gathered and analyzed. Group-IB’s Threat Intelligence and Attribution team regularly has its expertise reviewed and certified by local and international cybersecurity organizations.

Proper cyber threat intelligence enables incident response teams to attribute most attacks to the exact threat group, so they have a good knowledge of its tactics, techniques and procedures even before the engagement started

The world is putting a lot of effort into fighting the COVID pandemic. At the same time, organizations are facing a cybercrime pandemic and equal vigilance is required to combat it. Digital forensics helps to understand how cybercrime took place and to prevent it from happening again.

Global team with local expertise

60 countries of presence.

550 experts internationally.

1300 successful investigations worldwide.

18+ languages spoken by analysts.

70,000 hours of incident response.

135 threat intelligence certifications.

Group-IB offers clients threat intelligence tailored by region and with locally obtained data. We achieve this by creating a distributed yet repeatable team structure across the world. The Threat Intelligence and Attribution team regularly reconfirms its expertise with local and international certificates.

Recognized crime fighters on a global scale

Group-IB has the most valuable partnerships in the industry, allowing it to uniquely serve customers and law enforcement around the globe. This has been achieved thanks to Group-IB’s rich feature set and comprehensive database which now includes exclusive capabilities and information gained from these partnerships.

International law enforcement

Group-IB is uniquely qualified to work with law enforcement around the world. Our joint investigations lead to the arrest of cybercriminals.

Europol and Interpol

A partnership agreement was signed in 2015 to cooperate in the fight against cybercrime. Since then, we have participated in the exchange of strategic information that has led to takedowns of massive fraud schemes and at-large cybercriminals.

Financial partnerships

Maintaining compliance is essential for finance institutions. Group-IB partners with leading groups to maintain best practices, such as SWIFT and FS-ISAC.

CERT communities

Strong relationships with international and regional CERTs are formed to ensure that customers receive the best possible incidence response, such as First OIC-CERT, IMPACT, APWG and TLD RU.


Group-IB is compatible with existing security ecosystems thanks to a range of out-of-the-box and flexible integration options, including TIPs, Anomali, EclecticIQ, ThreatConnect, ThreatQuotient, SIEM, Qradar, ArcSight, MaxPatrol, and Splunk.

Governmental organizations

Know that best practices are being followed thanks to Group-IB’s active membership in key cyber security organizations worldwide, including GRF, GCSC, and the US Department of Justice.

Independent evaluation

Group-IB has been verified as an innovator with highly accurate and fast intelligence gathering by numerous industry neutral experts, including the Big Four, Gartner, Forrester, and Frost and Sullivan.

How you benefit from Group-IB’s partnerships

Complete disruption

Group-IB has first-hand experience working with law enforcement to completely disrupt threat actors.

Exсlusive data

Gain exclusive access to data gathered from investigations conducted in collaboration with law enforcement.

Intel reliability

Reliably identify threats by using the same intelligence resources that international cybersecurity agencies use.

Data accuracy

Trust in the accuracy of data that is also used by law enforcement around the world to convict cybercriminals.

Real sentences

Group-IB’s connections means there is a higher likelihood that attackers will sentenced and punished for their cybercrimes.

“Group-IB is one of the most innovative vendors in the market and a leader on the Frost Radar leading CTI vendors”.

“Group-IB brings exceptional cybersecurity talent to this partnership and we are pleased to be able to leverage their expertise to help enhance the security of our members. Our community of members is committed to strengthening the continuity and security of CII owners and operators in greater Asia Pacific, and Group-IB threat information will greatly assist in that mission.”

“Group-IB TI and A improved the security posture for the organization, which was much needed for our global business operations. It helped us to mitigate the risk, protect digital assets, and significantly improve vulnerability management.”

“The arrest of this suspect is down to outstanding international investigative work and new ways of collaboration both with Moroccan police and our vital private sector partners such as Group-IB.”

“The OIC‐CERT welcomes Group-IB CERT to the collaboration. This will open up new technologies of threat hunting and intelligence, anti-fraud solutions and cyber investigations capabilities to the members of the OIC‐CERT, which is vital in the IR4 era.”

Threat Hunting Framework

Adversary-centric detection of targeted attacks and unknown threats for IT and OT environments

“Sees” more than others

Group-IB Threat Hunting Framework (THF)

A Forrester Consulting TEI study reported how a customer achieved 272% ROI and almost $1.9 million in benefits over three years with the Group-IB Threat Hunting Framework.


Cyber Security, GROUP-IB, Threat Hunting Framework

Understanding attackers and their tools helps identify even the most complex threats. Identify complex attacks and tools such as spearphishing campaigns, social engineering techniques, legitimate utilities, and other tools used by advanced groups.

The main infection vectors covered are email, browsers, removable media, local networks, client applications, and supply chain attacks.

Detection of infected mobile devices: THF detects mobile Trojans when a device is connected to a corporate Wi-Fi network.

THF discovers anomalies, hidden communication channels. Performs behavioral analysis for software and users, and event correlation.

Malware detonation and analysis using patented technology performs dynamic analysis of malware in isolated environments on virtual machines and fully executes malicious code and extracts IoCs.

Collaboration with experts provides shared environment, remote incident response, digital forensics, and access to analysts and cyber community.

Proactive threat hunting hunts on hosts within and outside the network perimeter while also analyzing the infrastructure of external adversaries.

Access to threat intelligence attributes scattered events to specific malware types and families or certain cybercriminal groups for efficient attack termination.

Unified security solution for IT and OT - a single system contains all the necessary tools for adaptive automation of research, threat hunting, and IR.


Block, detonate, and hunt for the most advanced email threats with patented email security technology

With modern ever evolving threat landscape, your email needs better protection than just an antivirus, anti-spam or a traditional sandbox. Group-IB Atmosphere blocks attacks with intelligence-driven behavioural analysis. Atmosphere is an intel-driven malware detonation platform that understands how attackers circumvent traditional sandboxes. It analyzes texts, URLs, attachments and encrypted objects and surpasses most modern evasion methods.

Detonate payloads and extract actionable knowledge about attacks

Atmosphere extracts context from attacks by executing payloads in an isolated environment, automatically attributing the attack to a threat actor or malware family and mapping the TTPs to the ATT&CK matrix.

Attribute blocked attacks

Atmosphere automatically matches detonation reports with our Gartner-recognized Threat Intelligence and Attribution data lake in order to perform attribution and answer key questions,  “Who is behind the attack” and “What to expect next”.

Adjust cloud VMs to mimic your real environment

Atmosphere makes it possible to configure virtual machine properties to make them look like your actual corporate environment. This helps surpass advanced detection evasion techniques involved in most modern attacks.

Perform automatic retrospective scanning and threat hunting

Atmosphere performs constant retrospective analysis. It re-downloads suspicious URLs and re-analyzes objects that can change their state over time. As such, it automatically discovers hidden threats.

Set up in minutes using the configuration wizard

Your Atmosphere tenant is provisioned automatically after your trial request is approved. Integration involves simple and standard configuration steps described in the automated setup wizard.

Attackers know what a real environment looks like

Most cloud email sandboxes use standard templates for virtual machines that look completely unnatural to adversaries and are therefore easy to both detect and hide from. This makes the entire approach completely useless against advanced attackers.

Atmosphere makes it possible to adjust key properties to make the virtual machine look like a real environment. Use actual computer names, employee names, corporate domain names, and other features to thoroughly mimic your actual environment.

Atmosphere features a fully automated test built on knowledge about real tools and techniques used by the most advanced adversaries.

Attack cases implemented in our test suite repeat different detection bypass techniques, manipulating with contexts, urls, required human activity as well as system-level and dependencies checks.

All implemented test cases are based on attacks and incidents that Group-IB investigated. Once we discover the initial vector of attack and if it appears to be email, we use it to enrich our detection. We employ most general cases in our test suite.

The test is fully automated and requires only confirming domain ownership. By doing so, we verify that you actually control the domain name and that we can legally run the security assessment.

To deliver cutting-edge email protection in accordance with local regulations, Group-IB Atmosphere is available in four different regions.

Cloud tenant is set up automatically after your trial request is approved. Integration is very simple and implemented as a gateway solution. Simply configure your domain name and Atmosphere will start protection as DNS records are updated.

To improve detection and response even further, Atmosphere supports API-level integration with G-Suite and Office 365. At the same time, Group-IB’s proprietary technology called Neptune allows you to use your real office IP address during analysis runtime.

Fraud Hunting Platform

Keep your business and customers secure from all online fraud risks with the Group-IB client-side digital identity protection and real time fraud prevention.

Detecting threats

Mobile SDK


All scripts, traffic and data are encrypted to avoid interception by third parties. The full infrastructure can be deployed on the customer site.


Dedicated Group-IB anti-fraud analyst and incident response capabilities backed up by a team of world-class forensics experts and the leading Threat Intelligence and Attribution platform.


We do not collect and process personal data and other confidential information. We follow all data protection regulations.

Fraud Hunting Platform International Awards

“The innovative features of Group-IB FHP extracted from the raw data trigger alerts that can help remove blind spots that you were not aware of”.

Group-IB and PAXFUL - Creating the most secure bitcoin marketplace.

Digital Risk Protection

AI-driven digital risk identification and mitigation platform


Identifies illegitimate use of digital assets

Classifies and scores the detected violations.

Prioritizes and initiates appropriate takedown tactics.

Digital Risk Protection modules:

Opportunity to see key highlights – Manually approve violation alerts, and get real-time statistics.

Unique enforcement approach - Combination of automated system and vast partnership network to defeat more infringements on a pre-trial basis.

DRP Platform - Easy access to dashboards and reports that gives a full, transparent view of the detection and takedown processes.

Customer success manager - Keeps you informed about violations and risks, assists with investigations, and facilitates effective take downs.

Protection 24/7/365 - Automated monitoring of digital assets, round-the-clock adjustment and enforcement by analysts.

Neural-based detection - Unique neural network family designed based on cutting-edge proprietary detection practices and capable of detecting up to 90% of violations like a highly-skilled professional.

Scam Intelligence

Revolutionary, actor-centric approach to investigating, researching and predicting scammers’ behavior and tool development for improving detection and takedown capabilities.

Self-adjustable scoring

Unparalleled ML-based scorings designed for determining the severity of violations to enable quick and smooth enforcement prioritization.

Network graph

Network infrastructure analysis that helps identify cybercriminals’ infrastructure and find additional methods for successfully taking down violations.

Auto attribution

Algorithmic correlation of associated resources and entities for attributing and eliminating scam groups to prevent further attack escalation.

Group-IB ecosystem

Cross-product data enrichment and “outside the box” monitoring that captures even the most sophisticated violations and elusive cybercriminals.

How Digital Risk Protection works

Three-stage takedown

  1. Notification stage - Identifies the resource owner and requests that the detected violation be removed.
  2. Enforcement stage - Leverages the partnership network to enforce the removal of any violations.
  3. Cease-and-desist stage - Obtains an official pre-trial order to take down the detected violation.

Group-IB AssetZero

Most DFIR cases start with perimeter security errors. Digital transformation is causing an unprecedented expansion of organizational external attack surfaces. Networks are increasingly decentralized, with more assets scattered across on-premise locations, clouds, and third parties. Mass digitization, forgotten IT, and increasingly complex infrastructure mean that organizations are more exposed and at risk than ever before.

Deploy AssetZero and immediately leverage Group-IB’s 18 years of expertise in preventing incidents and breaches with our battle-hardened insights. Track your external security posture and kickstart remediation.

Cyber Security, GROUP-IB, AssetZero

See the Asset, Reveal the Story

AssetZero is constantly enriched with Group-IB Threat Intelligence and Research, allowing you to map IT assets to unique insights from dark web forums, closed underground groups, and complex malware research.

Combine AssetZero with the Group-IB partner network to get value-added services from leading providers who understand local perspectives.

AssetZero’s proprietary platform is powered by Group-IB’s patented technologies. We are trusted by hundreds of clients, partners, regulators, and law enforcement agencies worldwide.

Reveal shadow IT, misconfigurations and other high-risk infrastructure with clear alerts before incidents can occur.

Gain intelligence insights on your assets and understand the associated risks in simple, easy-to-understand terms. Receive context to respond effectively and address the most pressing issues first.

Don’t just get a list of assets, but understand where those assets sit and how they can affect your business.

AssetZero runs externally to your infrastructure with no requirements for agents, integrations, or infrastructure upkeep.

AssetZero requires no installation of software and is 100% agentless. The scanning process is fully automated, and alerts flow directly to your team directly or via MSP.

With a zero-overhead deployment, AssetZero enables you to map your attack surface and start improving security immediately.

Broaden your understanding of your digital footprint and reveal your true security posture. See vulnerabilities, software, VPNs, ports, and even detect third-party attacks like JS-Sniffers.

Baseline your posture, remediation times, and risk scored against those of your peers in your sector and region.

Asset Zero continuously scans the whole internet to identify assets. Group-IB’s distributed network of passive discovery scanners builds multiple graphs to map an organization’s attack surface. We review the entire IPv4 space daily, enrich it with datasets from Group-IB’s intelligence capabilities such as registrar data, IPv6, SSLs, proprietary datasets, and subsequent recursive scanning in real-time. Data collection takes place in real-time and includes:

AssetZero performs multiple tests and validation actions against every asset associated with your external attack surface to accurately organize them all into the following eight categories:

You gain prioritized action items with insights beyond ordinary CVSS impact scores that help define business outcomes. You can monitor all changes to your external attack surface in real-time with recursive discovery to ensure that your organization accurately understands its current security posture. Group-IB’s remediation logic removes solved issues. If any new risks are identified, the system generates a new score and alert.


Group-IB Anti-Piracy protects brands against pirated usage and unauthorized distribution of their unique digital content.

Global online piracy has been on the rise for years. Despite increasingly available legal streaming options, online piracy remains a significant concern for many industries relating to information technologies, software, telecommunications, audio recording, movie and TV show production, and the sports and entertainment segments.

During the pandemic, traffic to pirated websites increased by 40%. Shadow revenues are also increasing. To put it into perspective: the annual income of an average illegal online cinema is around $160,000, while a pirated content streaming website makes $89,000 per year on average.

The most pirated content – quick facts:

Group-IB‘s Anti-Piracy team uses unique machine-learning technologies applied to complex investigations of cyberattacks in order to detect pirate resources, identify their owners, and block infringing content.

Group-IB leverages its reputation among hosting providers and domain registrars worldwide to promptly remove unauthorized content.

We collaborate with the leading anti-piracy associations and law-enforcement agencies to combat online piracy on a global scale.

80% of links to illegal resources are successfully blocked within 7 days.

87% of pirated content is removed on a pre-trial basis.

30 minutes is the average time to detect the first pirated copy of a movie.

Group-IB’s Anti-Piracy monitors more than 100,000 resources in multiple languages ranging from torrent trackers and streaming services to groups in social media and pirated platforms on the deep and the dark web.


Violation detection

We have developed advanced digital fingerprinting technology that helps compare digital copies using a set of parameters. Any type of pirated content can be detected, even if it has been significantly modified. Our Anti-Piracy team verifies all detected links to ensure that no legal content is blocked by accident.

We detect:


We use moderator accounts and programs for trusted vendors to remove unauthorized content immediately.

We swiftly:

Video Content We Protected:

Group-IB Cybersecurity Services

This is a purpose-built security services portfolio with adversary-centric approach, borne of 18 years of experience responding to the world’s most consequential breaches. A world-renowned team of experts is reinforced by superior technologies with detective DNA of advanced research, prevention and investigation.

Group-IB’s synergy of cybersecurity services leverages our comprehensive stack of technologies with detective DNA, up-to-the-minute research, and best-of-breed human intelligence to provide dedicated APT monitoring, attacks prevention, incident response and remediation services across the world.

Europol and Interpol are partners and active collaborators in global investigations.

CERT-GIB Computer Emergency

A round-the-clock cyber incident response team provides evolving responses to attacks by applying the latest threat intelligence and proactive hunting technology, human expertise, and an adversary-centric approach.

We provide professional expertise to improve the state of security programs across every stage of the attack lifecycle. Our purpose-built service portfolio fuels organizations’ security with better insight, detection, and response capabilities in the face of evolving cyberattacks.

Cyber Security, GROUP-IB, Computer Emergency

We identify telltale signs of compromise and uncover threats before they can significantly damage your organization by using Group-IB proprietary hunt methodology.

Red Team Operations - We immerse your security and IT teams in a simulated world filled with the advanced vulnerabilities to hone their skills and safeguard your most valuable assets.

We provide integrated training to evaluate your IR function, minimize the impact of data breaches, and establish battle-tested processes to ensure effective responses to the most advanced cyberattacks.

Cyber Education Services

The most obvious attack vector remains unprotected — people. Our certified experts strengthen cyber readiness across the entire organization and help both technical and non-technical employees develop their security literacy. Group-IB offers training courses on a variety of subjects, ranging from the basics of digital hygiene to intensive cybersecurity training intelligence to provide dedicated APT monitoring, attacks prevention, incident response and remediation services across the world.

Security Assessment and Testing

86% of web resources contain at least one critical vulnerability.

193 days is how long it takes on average to eliminate a vulnerability.

1 hour or less is needed for a criminal to steal information and money!

Years of experience in assessing the security of major portals, banking systems, and production facilities have shown that a formal approach to information security does nothing to defend against modern threats.

We understand that the quality and scope of testing is important. As such, we strive to show our customers the real degree of their internal and external perimeter security, application protection, and employee awareness. We also use all possible attack vectors and techniques in our assessments.

We offer Penetration Testing and Security Assessment services, as well as testing of the external perimeter and examination of internal infrastructure.

Social Engineering Testing is the manipulation of employees into revealing sensitive information.

Security assessment services of web applications is an analysis of portals, user accounts, and other web resources.

Mobile Application Security Assessment examines mobile apps.

Online Banking Security Assessment performs a security analysis of online banking platforms.


    • Approval of the scope of work,
    • System analysis,
    • Search for entry points.
    • Tool-based search,
    • Manual search,
    • Handling of attack vectors.
    • Search for and development of exploits,
    • Attack modeling,
    • Analysis of attack consequences.
    • Descriptions of detected vulnerabilities and attack vectors,
    • Recommendations on eliminating vulnerabilities.
    • Systematization of possible attacks and vulnerabilities.

Group-IB’s auditors hold more than 40 globally recognized certifications, including CREST CRT, CREST CPSA, OSCP, OSWE, CEH, CISA, GDPR DPP, PCI QSA, and more.

The Group-IB security assessment process is constantly updated to reflect the most recent cybersecurity methods and attack trends. This data is provided by our DFIR Laboratory, CERT-GIB, and best-in-class Threat Intelligence and Attribution solution, and further enriched by our active cooperation with INTERPOL and Europol.

Automation does not replace the thorough, hands-on analysis conducted by Group-IB’s experts. Less emphasis on automation allows our experts to focus their full attention on developing in-depth analyses of network infrastructures and creating comprehensive and thorough reports.

We support our customers throughout the security assessment process and check in with them after the audit is complete. Group-IB experts respond to lingering concerns, provide additional consulting, and conduct a free check-up for select services to determine how well detected vulnerabilities were eliminated.

Security assessments are performed with the help of universally recognized methods and technologies, as well as Group-IB’s patented innovations that have been perfected over the course of 800+ successful security assessments around the world.

The quality of our security assessment and consulting services, as well as their adherence to best practices and ability to protect customers’ data are recognized annually by BSI with ISO 27001 and ISO 9001 certificates.

Red Teaming - Anticipate attackers’ movements to stay one step ahead

Security teams may understand how to defend against threat actors in theory but are unprepared to do so in practice.

A company may often consider penetration testing sufficient and do not hire red teams for security testing.

Attackers never sleep! Threat actors don’t work on a schedule and aim to launch unexpected attacks when the company is most vulnerable.

A lack of knowledge of the cyber threat landscape and modern attacker TTPs will cripple blue teams.

How Red Teaming can help

We simulate real-life attacks. Red team attacks offer the most realistic opportunity to test how a company can defend against security incidents.

Bolster the blue team by letting the red team teach your team how to anticipate the movements of threat actors.

Attack simulations are effective in exposing deep gaps in organizations’ infrastructure and to uncover security breaches.

The red teaming results allow security teams to work out problematic issues in key elements of the organization.

Red Teaming stages

  1. Create a working group:
    • Define the scope of work,
    • Sign cooperation protocols,
    • Form the Red Team,
    • Target Intelligence.
  2. Perform extensive reconnaissance:
    • Develop initial scenarios involving potential attacks.
  3. Conduct covert attacks on identified critical functions.
    • Develop alternative ways of achieving the objective.
  4. Assess how Blue Team responds to cyberthreats.
    • Draft a report with the actions taken and conclusions,
    • Analyze results and plan improvements.

Why customers choose Group-IB

Team of qualified experts who have 10+ years of experience auditing various infrastructures and international certifications in the field of information security (OSCP, OSWP, CEH, and others).

Harmony of technology and human intelligence

The strong synergy between experts from Group-IB’s DFIR Lab, CERT-GIB, and proprietary Threat Intelligence and Attribution mean that our solutions are continuously enriched with up-to-date information about attacker TTPs.

Full-spectrum reporting

Reports contain an executive summary with an overview of the main threats as well as recommendations for businesses, detailed descriptions of vulnerabilities, and specific recommendations for technical specialists.

Full-scale inspection

Our full cycle of checks allows for a comprehensive assessment of the infrastructure, as evidenced by the more than 800 successfully conducted complex audit requests.

Compliance Audit and Consulting

Nowadays, companies across various verticals must comply with international regulations and industry standards in the field of information security.

Regardless of whether you need an assessment of compliance with certain requirements or to receive a certification or unbiased opinion on your information security level, Group-IB will help you understand the nuances of the necessary security measures and provide full expert support.

Compliance Assessment:

Analyzing your company’s security controls and comparing them with relevant security requirements to help you reach the maximum coverage with minimal effort.


Consultation with Group-IB experts help build an effective security system in your company, prepare for certification audits, and maintain compliance with industry best practices and standards.

Security in the financial sector:

PCI DSS - Assessment of compliance with the data protection standards of the payment card industry.

SWIFT CSCF - Assessment of compliance with the SWIFT Customer Security Controls Framework (CSCF).

Compliance with international standards and best practices:

International standards  (ISO, NIST and others).

Assessment of compliance with international standards and best practices in the field of IS.

GDPR - Assessment of compliance with the General Data Protection Regulation.

The strong synergy between Group-IB’s experts and proprietary Threat Intelligence and Attribution ensure up-to-date knowledge of attacker TTPs.

Pre-Incident Response Assessment

Over 50% of companies experienced a cyber security breach in the last 2 years.

Only 25% of companies have an incident response plan.

Group-IB provides a tailored service based on your current tasks – whether you require to test your readiness to respond to emerging types of incidents and enhance your existing processes, or set IR function from scratch.

We use real-life scenarios and understand how threat actors operate using Group-IB's Threat Intelligence and Attribution, recognized by top industry researchers.

Your company needs Pre‑IR Assessment to stop the cyber security incident within the shortest time, to discover vulnerabilities and prevent criminals from accessing your system

to correctly gather all the information required for an investigation. 

Assessment of network and system infrastructure is the ability to quickly stop an incident and manage a network during a response, detect signs of compromise, gather digital evidence in full and correct manner.

Your data and infrastructure have probably been breached. We can help you assess your enterprise to determine if threat actors are still active in your environment or have circumvented your security defenses in the past.

During a Compromise Assessment we detect traces of attack preparation and compromise within your IT infrastructure, assess the scale of damage and determine which assets in the network were attacked and how it occurred.

It takes hackers months to deploy malicious infrastructure to conduct an attack — in a completely unsuspicious way.

Mergers and acquisitions:

Integration with another business may pose risks hidden in new infrastructure: implants, backdoors, CVE.

Unscrupulous competitors:

Access to your trade secrets provides your rivals a competitive edge in the market.

Insiders or former employees:

They know the company's infrastructure and leak information, going unnoticed for a long period.

Hackers use new attack tools and techniques that are not detected by conventional security mechanisms.

Insiders act carefully, using legitimate software, which enables them remain unnoticed.

Attacks on your infrastructure may be conducted not directly, but through less secure subcontractors, partners or clients.

A Case Study from the Group-IB's report shows 40 days from penetration to withdrawal of $ 2 million. In July 2016, hackers stole over 2 million USD from First Bank, one of Taiwan's largest banks. This attack was conducted by the Cobalt group. It lasted 40 days from network penetration to money withdrawal, during which criminals went unnoticed by the internal security team.

As part of Compromise Assessment, Group-IB specialists will install the Threat Hunting Framework hardware and software solution, while experts with hundreds of successful investigations behind them will evaluate your IT infrastructure for signs of compromise.

Our forensic specialists will check key elements of your infrastructure for the presence of attacker activity and use proprietary forensic tools and our unique Threat Intelligence and Attribution data.

Threat Hunting Framework Sensor identifies network anomalies, infections and abnormal behavior of devices. We can examine key nodes in your infrastructure: domain controllers, processing, payment gateways, etc.

Threat Hunting Framework Polygon launches suspicious files in an isolated environment and analyses their behaviour and impartially assesses their threat level. We then restore the attack timeline to prevent repeated incidents.

Group-IB is one of the leading providers of solutions aimed at detection and prevention of cyberattacks, online fraud, and IP protection. Group-IB Threat Intelligence and Attribution system was named one of the best in class by Gartner, Forrester, and IDC.

Group-IB’s technological leadership is built on the company’s 18 years of experience in cybercrime investigations worldwide and 70,000 hours of incident response accumulated in our leading forensic laboratory and 24/7 CERT-GIB.

Group-IB actively collaborates with international partners such as INTERPOL and Europol in the fight against cybercrime, and is an industry-leading cybersecurity solutions provider.

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence, in-depth attack analysis, and effective incident response.

Threat Intelligence and Attribution is actionable, finished intelligence to track actors and prevent attacks before they happen.

Threat Hunting Framework is a comprehensive solution to protect corporate network, hunt for threats and respond to even the most complex cyber attacks.

Fraud Hunting Platform is a client-side digital identity protection and fraud prevention in real time.

Digital Risk Protection is an AI-driven online platform for external digital risk identification and mitigation.

GROUP-IB Cyber Education

25% of cyber incidents are not investigated properly, which leads to repeated network compromise.

73% of all successful cyberattacks involve social engineering.

Group-IB’s approach to learning

We seek to enhance cybersecurity within companies. We tackle this problem by managing and honing skills. We cater for all key user groups, including technical specialists, and senior executives.

Our comprehensive approach helps us protect companies from threats targeting employees, improve technical staff’s incident response and investigation skills, and ensure a high level of cybersecurity.

Group-IB educational programs

For technical specialists: Original training courses in digital forensics, incident response and other relevant areas of cybersecurity.

For wider audiences: Raising employee awareness of information security and digital hygiene.

Interactive training format – Threat Hunting Game

The Threat Hunting Game is an educational individual competition that simulates the experience of threat hunting in a real environment. Players can test their skills in analyzing malware and network traffic, handling alerts, hunting for threats based on real-life cases, and win prizes using Group-IB Threat Hunting Framework.

Participants will receive:

Our training courses are based on 1300+ successful investigations worldwide.

Our training courses are based on 1300+ successful investigations worldwide.

The course instructors are current Group-IB specialists, which translates to the most up-to-date and first-hand information for course participants.

All courses are led by GCFA-, EnCE- and MCFE-certified experts.

Practical exercises based on real-life cases make up 70% of the course.

Course materials are regularly updated with new cases from Group-IB’s experience, which ensures that the course program always reflects the latest trends.

Group-IB’s training courses provide a wide range of competencies for creating an effective information security department in any company.

Cybersecurity for the blockchain industry

Comprehensive cybersecurity for ICOs, cryptocurrency wallets and exchanges. 

Blackmoon Crypto successfully secured $30,000,000 in ICO with a comprehensive cyber risk management program and phishing protection from Group-IB.

Tokenbox is placing a major emphasis on the system’s security and is working with Group‑IB

BANKEX is under protection of Group‑IB, during this cooperation Group‑IB protected.

Group‑IB helped WAVES to protect WAVES holders from an active phishing scam on social networks.

24/7 monitoring of 3,000,000+ resources to prevent online brand abuse, phishing and fraudulent websites, social media and messengers, ad networks, mobile app stores, and the dark web.

Cyber Security, GROUP-IB, Cybersecurity for the blockchain industry

Intensive training for your team covering all vectors, followed by social engineering simulation. A clear security checklist, along with do’s and don’ts for accounts, networks and devices usage, as well as recommendations related to cryptocurrencies.

Detect malicious incidents in your internal network to prevent intrusions, attacks, data leaks, and espionage.

Get a comprehensive vulnerability analysis and recommendations for protection. We typically audit the smart contract, project infrastructure, web and mobile applications.

24/7 identification of compromised data, along with information on when, where and how it has been exposed. Stolen data may include your team’s account credentials.

We simulate actions of intruders in order to find weak spots of key persons and provide recommendations on how to enhance security. Deep analysis of an individual’s background helps to protect against information attacks.

We continuously simulate targeted attacks on your company using advanced tactics, techniques, and procedures (TTPs) from hackers’ arsenals.

Authentication of legitimate users with precision close to that of fingerprint recognition, clientless detection of remote access and malicious activity on a user’s device.

We use miniThreat Hunting Framework, solution based on Group‑IB Threat Hunting Framework, to protect the home network of key persons. Our technologies protect your network 24/7 against intrusions, attacks, data leaks, and espionage.

Prevent Dos/DDoS attacks and load testing.

CERT-GIB Computer Emergency Response Team

Back in 2011, we created certified emergency response service, united by a mission: to immediately contain cyber threats, regardless of when and where they take place and who is involved.

We are a member of the Forum of Incident Response and Security Teams (FIRST) and an accredited member of Trusted Introducer (Services for Security and Incident Response Teams). We are a partner of the International Multilateral Partnership against Cyber Threats (IMPACT), and a member of OIC-CERT (Organisation of The Islamic Cooperation — Computer Emergency Response Teams) and the APWG international coalition (Anti-Phishing Working Group).

How it works:

Threat Hunting Framework is a single system for managing detection infrastructure, automated analysis, event and alert storage, and retrospective incident analysis. It helps CERT-GIB manage incidents effectively and efficiently, gives analysts access to an extensive database of events, and reduces the time spent on incident analysis thanks to automatic grouping and correlation.

Internal and external Threat Hunting

Benefits of CERT-GIB

CERT-GIB’s additional capabilities

You will receive:

Possible objects of analysis:

Cyber Security, GROUP-IB, Certified Emergency Response Service

Incident Response Services

Get help of our skilled Incident Response team operating globally to ensure rapid and thorough containment, remediation and recovery of the most damaging cyber attacks.

60,000 hours of incident response has been conducted by our forensic specialists who are internationally recognized members of advisory councils around the world.

Group-IB combines a power of human expertise, rich data sources and unique technologies to get a first-hand understanding of intrusion tactics and malware samples used in most sophisticated cyber attacks. We apply our Intelligence Driven approach to analyze the threat actor’s activities and piece together a coherent attack kill chain to restore business continuity.

We handle breaches of varied size and complexity, including:

Malware | Mobile banking frauds | DoS/DDoS attacks | Ransomware | Unauthorized access | Fraudulent resources and botnets | Suspected breaches | Data and money theft.

We gather all necessary information for creating a list of Indicators of Compromise, and write YARA-rules to clear your enterprise’s network from the infiltration.

Our experts explore the anatomy of the attack — how attackers gained a foothold and moved laterally inside your organization to steal confidential data.

After analysis, we prepare a detailed report on how to adjust your security architecture and processes to strengthen your security posture.

Incident Response Procedure:

Under the guidance of Group-IB experts your IT personnel implements Threat Hunting Framework for network traffic monitoring and suspicious behavior detection missed by signature-based cybersecurity systems.

Group-IB specialists conduct express forensic analysis of workstations and servers used by cybercriminals to identify the initial attack vector, applied tools and techniques as well as exploited vulnerabilities.

Our GIAC certified malware analysts perform basic or advanced static and dynamic analysis of malicious code discovered during an investigation to determine other affected assets in the environment and prevent further intrusions.

The evolution of ransomware and its distribution methods

Ransomware attacks are still on the rise. Some of them became more sophisticated and adopted tactics and techniques from APT threat actors, focusing not only on data encryption on the endpoints, but also on data exfiltration and network research.

Classiscam expands to Europe: Russian-speaking scammers lure Europeans to pages mimicking classifieds and propagate the ransomware Egregor.

Qakbot fuels enterprise ransomware campaigns, for which we offer ProLock and its unique kill chain.

Our Threat Hunting Framework is a comprehensive solution to protect corporate networks, hunt for threats, and respond to even the most complex cyber attacks.

Our Fraud Hunting Platform uses client-side digital identity protection and fraud prevention in real time.

Our services include:

Group-IB discovered the Silence group who have emerged as new threat to banks. The Cobalt Cybercrime Gang which is tied to $1 Billion in losses has returned.

Based on our 16 year hands-on experience, we have an extensive knowledge of criminal schemes ranging from recruiting insiders and developing malicious programs to withdrawing and cashing out money. This enables us to immobilize the attackers before businesses or individuals suffer major damage.

Data theft includes competitor espionage, phishing, intellectual property breach, theft of trade secrets, credentials and other sensitive information.

Financial crimes include cryptocurrency theft, online‑banking, mobile-banking, email fraud, ATMs, card processing, SWIFT, and payment gateways.

Insider attacks include abuse of authority, competitor espionage, critical infrastructure damage, data leakage, and account takeover.

Information wars include extortion, reputational damage, defamation, harassment and identity theft.

Flood attacks are intended to overload communication channels (emails, phone calls, social messengers).

DoS/DDoS attacks target attacks to overload web services and network.

Critical infrastructure attacks include attacks on water supply, transport infrastructure, power grids control systems.

Malware attacks include malware creation, proliferation and control, botnets, ransomware and spyware.

Operation Falcon: Group-IB in cooperation with INTERPOL and the Nigerian Police Force targeted a business email compromise (BEC) cybercrime gang from Nigeria called TMT. Since 2017, the group has compromised at least 500,000 government and private sector companies in more than 150 countries.

Carding Action 2020: This three-month anti-cybercrime operation was let by Europol’s European Cyber Crime Centre (C3) and supported by The Dedicated Card and Payment Crime Unit of the London Police, the City of London Police, and Group-IB, which was the only private-sector cybersecurity involved. The effort targeted traders of compromised card details.

JS-sniffer family GetBilling infected hundreds of e-commerce websites in Indonesia, Australia, the UK, the US, Germany, Brazil, and other countries, stealing the payment and personal data of thousands of online shoppers.

This group stole money from bank accounts of Android smartphone users. The hackers infected over 1 million devices in total and the overall damage from Cron’s activity is estimated to approximately $800 000.

Cyber Security, GROUP-IB, Attackers

Investigative services

Group-IB investigators develop a unique approach, taking into account every nuance and detail of the case. We leave no stone unturned and throughout the investigation collect and process digital evidence, monitor the dark web, acquire data for risk management, track data leaks, provide OSINT, and perform digital forensics. These services are used for:

Access to vast dark web archives, including deleted topics or shut-down forums with Group-IB Threat Intelligence and Attribution.

Official partner of Interpol and Europol

Malware code analysis

Thorough malware analysis is vital when investigating complex attacks. Our analysts examine vast amounts of real malware samples daily and hold the internationally recognised GIAC certification in Digital Forensics and Malware Analysis. We regularly share threat research on the activities of infamous hacker teams, which is based on the findings of the malware analysis team.

Nowadays, any company can fall victim to fraud. Dishonest borrowers, unreliable contractors, corporate disputes, and corruption can all affect a company’s activity and reputation. Group-IB specialists help promptly prevent threats, understand fraud schemes, and increase the likelihood of recovering lost assets.

We effectively detect: