Episodes

  • Brain Cipher: What happens when national infrastructure comes under strike?
    Dec 19 2025

    Indonesia, June 2024 - 210 critical government agencies were crippled in one fell swoop. Immigration services were in disarray; customs officers were locked out of critical systems and travellers were left stranded in airports and ferry terminals, facing delays that would continue for a full week.

    The culprit? Brain Cipher, a ransomware group barely a week old, which demanded a huge sum of $8M from Indonesia’s National Data Centre, bringing local government services to their knees. The chaos that followed lingers as a potent reminder of the widespread disruption across an entire nation that can stem from a single attack.

    Join Group-IB’s Gary Ruddell and Nick Palmer as they talk to Jennifer Soh, Cyber Investigation Lead for APAC at Group-IB, exploring what motivates cyber criminals to target national infrastructure, and what happens when the pillars that hold up our modern digital society - from government and defence to energy - are struck by cyber-attacks.

    Episode links:
    Group-IB's Top 10 Masked Actors
    Deciphering the Brain Cipher Ransomware
    Patch or Peril: A Veeam vulnerability incident

    By understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.

    Subscribe to Group-IB's Masked Actors now — and stay one step ahead in the fight against cybercrime.

    FOLLOW GROUP-IB

    • Group-IB Threat Intelligence on X: https://www.x.com/GroupIB_TI
    • Group-IB on X: https://www.x.com/GroupIB
    • Group-IB on LinkedIn: https://www.linkedin.com/company/group-ib
    • Group-IB on Facebook: https://www.facebook.com/groupibHQ/
    • Group-IB on Instagram: https://www.instagram.com/groupibhq/...
    26 mins
  • Ajina: Can you really trust that app? 
    Nov 27 2025

    Cyber criminals are masters at exploiting human vulnerability and trust. In Uzbek folklore, there's a creature known for causing chaos, preying on humans, lurking in the dark and changing its face to trick its victims before it pounces.

    In December 2023, it lent its name to a sophisticated Android malware campaign that emerged in the digital underworld using the same tactics. The banking malware masqueraded as legitimate applications, leaving users confused – like its folkloric namesake – and surfaced from the dark to steal everything they had. Its codename: Ajina.

    Join Group-IB’s Gary Ruddell and Nick Palmer as they speak with Amy Grieveson, Director of Security and Behaviours at Monzo Bank, revealing the tricks used by financial fraudsters to get victims to hand over their most sensitive information. They discuss the sophisticated social engineering deployed by cyber criminals, as well as how to flip the narrative around cyber defence from fear to empowering consumers with the awareness and routines needed to maintain vigilance in a landscape rife with scams.

    Episode links:
    Group-IB's Top 10 Masked Actors
    Ajina attacks Central Asia: Story of an Uzbek Android Pandemic

    32 mins
  • MuddyWater & OilRig: The cyber espionage playbook
    Oct 28 2025

    As digital infrastructure becomes the backbone of global economies, cyber espionage has quietly evolved into one of the most powerful tools in modern statecraft.

    Behind the scenes, nation-backed threat groups like MuddyWater and OilRig operate sophisticated campaigns that blend malware, phishing, and social engineering to infiltrate governments, defence contractors, and critical industries. But these Advanced Persistent Threat groups aren’t motivated by fame or by fortune. They’re after insights on matters of national security, looking for long-term access to strategic intelligence, and preparing tactical disruption of their adversaries.

    In this episode, Group-IB’s Gary Ruddell and Nick Palmer speak with Mansour Alhmoud, a cyber threat intelligence analyst at Group-IB responsible for tracking APT groups, to unearth how these groups operate and what organizations and governments should be doing to protect themselves against state-sponsored threats.

    Episode links:
    Group-IB's Top 10 Masked Actors
    Catching fish in muddy waters
    ClickFix: The Social Engineering Technique Hackers Use to Manipulate Victims
    SimpleHarm: Tracking MuddyWater’s infrastructure
    "We find many things that others do not even see"
    Mapping the Infrastructure and Malware Ecosystem of MuddyWater

    24 mins
  • Joystick to Jailbreak: Exploring the Youth Cybercrime Pandemic
    Sep 23 2025

    Forget everything you think you know about hackers. Today’s cybercriminals aren’t lurking in shadowy basements - they’re teenagers mastering cheat codes on Roblox, swapping tips on Discord, and using AI to launch attacks from their bedrooms.

    Join Group-IB’s Gary Ruddell and Nick Palmer as they sit down with Fergus Hay, CEO and co-founder of The Hacking Games, to explore how cybercrime is becoming more accessible than ever. They dive into the rise of Ransomware-as-a-Service (RaaS), the impact of generative AI, and why the next wave of ethical hackers should be recruited from gaming platforms.

    This episode unpacks the motivations driving young hackers, the pathway from gaming to cybercrime, and the urgent need to rethink how we recruit and inspire the next generation of cybersecurity defenders.

    Episode links:
    Group-IB's Top 10 Masked Actors

    1 hr and 14 mins
  • RansomHub: From RaaS Kingpin to Cartel Mystery
    Aug 27 2025

    When RansomHub, one of the most prolific ransomware groups, vanished overnight back in April, it sent shockwaves through the cybercriminal underworld. With over 600 global attacks and millions extorted, their sudden disappearance left affiliates scrambling and researchers asking: what happened?

    Join Group-IB’s Gary Ruddell and Nick Palmer as they speak with Pietro Albuquerque, a threat intelligence analyst at Group-IB and a leading expert on RansomHub, to unpack the rise and fall of this ransomware cartel. They explore how RansomHub’s affiliate-friendly model disrupted the RaaS market, why its tactics proved so effective, and where its members may have gone.

    From double extortion to underground job markets, this episode reveals the hidden mechanics of ransomware operations and what businesses must do to stay ahead of the next wave.

    Subscribe now to meet these Masked Actors — and stay one step ahead in the fight against cybercrime.

    Episode links:
    Group-IB's Top 10 Masked Actors
    RansomHub ransomware-as-a-service
    RansomHub Never Sleeps: The evolution of modern ransomware
    Ransomware debris: an analysis of the RansomHub operation
    Ransom notes from the most active groups

    Meet Group-IB's top 10 Masked Actors here - and stay one step ahead in the fight against cybercrime.

    40 mins
  • DragonForce: The Cyber Cartel Helping Hackers Hit the High Street
    Jul 29 2025

    Empty shelves, lost customers, and hundreds of millions of pounds in lost profit are just some of the outcomes that retailers have faced in the wake of recent ransomware attacks. From the Co-operative to M&S, the recent cyber attacks on UK retail giants have dominated headlines and wreaked havoc that’s been felt by customers, staff, and government officials alike.

    The culprits behind it? A highly organised group of ransomware specialists, codename: DragonForce.

    Join Group-IB’s Gary Ruddell and Nick Palmer as they speak with Jason Rebholz, an expert on the ransomware ecosystem, with over a decade of experience performing forensic investigations into complex cyberattacks.

    In this episode, they unpack how DragonForce evolved into a ransomware cartel, franchising their malware to affiliates like Scattered Spider, whose sophisticated social engineering tactics have significantly disrupted UK retail. They explore the wide-ranging impact on both businesses and consumers, offering insights into how each can better protect themselves. Finally, they examine the role of policy and regulation in preventing future attacks and strengthening cyber resilience.

    Episode links:
    Group-IB's Top 10 Masked Actors
    Inside the Dragon: DragonForce Ransomware Group

    30 mins
  • Lazarus: Is your best IT worker really a North Korean hacker?
    Jun 11 2025

    In December 2014, Sony Pictures announced they were cancelling the release of Seth Rogen’s newest venture The Interview due to a large-scale cyberattack. And in February of this year, global cryptocurrency exchange Bybit suffered a massive attack resulting in the theft of $1.5 billion.

    These masked actors are still active. But now, they’ve turned their attention to companies like yours...

    Join Group-IB’s Gary Ruddell and Nick Palmer as they speak with Geoff White, one of the world’s leading journalists covering organized crime and tech and the author of The Lazarus Heist – From Hollywood to High Finance: Inside North Korea’s Global Cyber War, as they explore the infamous Lazarus group.

    In this episode, they delve into the group’s latest modus operandi – infiltration campaigns, whereby North Korean hackers pose as remote IT employees to funnel information through the backdoor and leave logic bombs in code that they can trigger years or months down the line. They look at how this shifts the responsibility model for cybersecurity, requiring vigilance from across the organisation for unusual behaviour.

    Episode links:
    Group-IB's Top 10 Masked Actors
    Lazarus Arisen: Architecture, Tools and Attribution
    Stealthy Attributes of Lazarus APT Group: Evading Detection with Extended Attributes
    APT Lazarus: Eager Crypto Beavers, Video calls and Games

    37 mins
  • GoldFactory: The cybercriminals who want to steal your face
    May 13 2025

    If a cybercriminal steals your password, you can change it. But what happens if they steal your face?

    Former soldier turned hacker Gary Ruddell and financial crime veteran Nick Palmer explore the actors behind GoldFactory - a cybercriminal group stealing users' facial recognition data to clean out victims' bank accounts.

    Joined by Craig Jones, who spent five years at Interpol as the director of cybercrime, Group-IB's Gary and Nick explore how masked actors are exploiting AI and deepfakes for financial gain.

    In this episode, they dig into the novel tactics of this Chinese-speaking group, who created a first-of-its-kind iOS trojan to steal biometric data and bypass banking facial recognition security systems. Together they unpick how cybercriminals are adopting new technologies and franchising their efforts to manipulate more victims and increase their payoff.

    Episode links:
    Group-IB's Top 10 Masked Actors
    Face Off: Group-IB identifies first iOS trojan stealing facial recognition data
    Gold Rush is back to APAC: Group-IB unveils first iOS trojan stealing your face




    24 mins