Group-IB

Last updated

Group-IB
Company type Private
IndustryCybercrime
Founded Moscow, Russia
Headquarters
Moscow and Singapore
Key people
  • Dmitry Volkov, CEO Singapore
  • Valery Baulin, CEO Moscow
  • Ilya Sachkov, founder and owner (37.5%)
Website

Group-IB is a cybersecurity company founded in 2003 in Moscow. In 2023, it split into two companies with a branch remaining in Moscow branded F.A.C.C.T. Group-IB and a branch in Singapore.

History

Group-IB was founded in 2003 by Ilya Sachkov and Dmitry Volkov in Russia. The company moved to Singapore in 2019. [1] In July 2020, it received funding from the Cyber Security Agency of Singapore through venture capital firm TNB Ventures. [2]

In September 2021, Ilya Sachkov, its co-founder and CEO, was detained by Russian authorities for treason. [3] He was sentenced to 14 years in prison. [4] The Russian and international business were later split with the business sold in April 2023 to Russian management to be branded FACCT. [5] [6] FACCT would market Group-IB products and services while being a separate entity allowing Group-IB to not directly have a presence. [7] Ilya Sachkov maintains his involvement in the Russian business. [8]

In 2023, the company split with a headquarters in Singapore and in Moscow. [5] In December 2023, the Moscow office discovered that a hacking group was targeting Russian companies with a war-related phishing attack. [9]

Related Research Articles

<span class="mw-page-title-main">Bitdefender</span> Romanian cybersecurity technology company

Bitdefender is a multinational cybersecurity technology company dual-headquartered in Bucharest, Romania and Santa Clara, California, with offices in the United States, Europe, Australia and the Middle East.

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

Trellix is a privately held cybersecurity company that was founded in 2022. It has been involved in the detection and prevention of major cybersecurity attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

Trustwave is an American cybersecurity subsidiary of The Chertoff Group. It focuses on providing managed detection and response (MDR), managed security services (MSS), database security, and email security to organizations around the globe.

<span class="mw-page-title-main">Palo Alto Networks</span> American technology company

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.

<span class="mw-page-title-main">Dmitri Alperovitch</span> American computer security industry executive (born 1980)

Dmitri Alperovitch is an American think-tank founder, author, philanthropist, podcast host and former computer security industry executive. He is the chairman of Silverado Policy Accelerator, a geopolitics think-tank in Washington, D.C., and a co-founder and former chief technology officer of CrowdStrike. Alperovitch is a naturalized U.S. citizen born in Russia who immigrated from the country in 1994 with his family.

<span class="mw-page-title-main">RiskIQ</span> American cyber security company

RiskIQ, Inc. was a cyber security company that was based in San Francisco, California. It provided cloud-based software as a service (SaaS) for organizations to detect phishing, fraud, malware, and other online security threats.

Cyren Inc. was a cloud-based Internet security technology company that provided security services and threat intelligence services to businesses. It offered a range of services including web security, DNS security, anti-spam solutions, phishing detection, ransomware protection, URL filtering, malware detection, and botnet attack prevention. Cyren also provided endpoint protection for mobile devices and Internet of Things (IoT) gateways. Major clients included Microsoft, Google, Check Point, Dell, T-Mobile, and Intel. The company announced its closure in February 2023.

Carbanak is an APT-style campaign targeting financial institutions, that was discovered in 2014 by the Russian cyber security company Kaspersky Lab. It utilizes malware that is introduced into systems running Microsoft Windows using phishing emails, which is then used to steal money from banks via macros in documents. The hacker group is said to have stolen over 900 million dollars from the banks as well as money from over a thousand private customers.

Cozy Bear is a Russian advanced persistent threat hacker group believed to be associated with Russian foreign intelligence by United States intelligence agencies and those of allied countries. Dutch signals intelligence (AIVD) and American intelligence had been monitoring the group since 2014 and was able to link the hacker group to the Russian foreign intelligence agency (SVR) after compromising security cameras in their office. CrowdStrike and Estonian intelligence reported a tentative link to the Russian domestic/foreign intelligence agency (FSB). Various groups designate it CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452 with a tentative connection to Russian hacker group YTTRIUM. Symantec reported that Cozy Bear had been compromising diplomatic organizations and national governments since at least 2010. Der Spiegel published documents in 2023 purporting to link Russian IT firm NTC Vulkan to Cozy Bear operations.

Fancy Bear is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This refers to its unified Military Unit Number of the Russian army regiments. The headquarters of Fancy Bear and the entire military unit, which reportedly specializes in state-sponsored cyberattacks and decryption of hacked data, were targeted by Ukrainian drones on July 24, 2023, the rooftop on an adjacent building collapsed as a result of the explosion.

CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services.

Charming Kitten, also called APT35, Phosphorus or Mint Sandstorm, Ajax Security, and NewsBeef, is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

Sergei Mikhailov was deputy head of the FSB security agency’s Center for Information Security. In February 2019, he was sentenced to 22 years in prison for treason.

Ghostwriter, also known as UNC1151 and Storm-0257 by Microsoft, is a hacker group allegedly originating from Belarus. According to the cybersecurity firm Mandiant, the group has spread disinformation critical of NATO since at least 2016.

<span class="mw-page-title-main">Ilya Sachkov</span> Russian entrepreneur

Ilya Sachkov is a Russian cybersecurity expert and founder and CEO of Group-IB, a cybersecurity company specialising in the detection and prevention of cyberattacks. He received an award from Russian President Vladimir Putin for his work in 2019. In September 2021, he was detained by the Russian government's Federal Security Service on treason charges.

<span class="mw-page-title-main">2022 Ukraine cyberattacks</span> Attack on Ukrainian government and websites

During the prelude to the Russian invasion of Ukraine and the Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.

<span class="mw-page-title-main">IT Army of Ukraine</span> Ukrainian cyberwarfare volunteer group

The IT Army of Ukraine is a volunteer cyberwarfare organisation created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24, 2022. The group also conducts offensive cyberwarfare operations, and Chief of Head of State Special Communications Service of Ukraine Victor Zhora said its enlisted hackers would only attack military targets.

Fortra is an American cybersecurity company based in Eden Prairie, Minnesota. The company was founded as Help/38 in 1982, rebranded as HelpSystems in 1988, and became Fortra in 2022. Fortra is owned by private equity firms TA Associates, Harvest Partners, Charlesbank Capital Partners, and HGGC.

References

  1. "Russian cyber titan Group-IB makes Singapore home". Channel Asia. Retrieved 2024-03-10.
  2. Desk, AIT News (2020-07-30). "Group-IB Receives Funding from CSA". AiThority. Retrieved 2024-03-10.{{cite web}}: |last= has generic name (help)
  3. "Russia detains cyber-security tycoon Ilya Sachkov in treason case". 2021-09-29. Retrieved 2024-03-10.
  4. "Russian cybersecurity chief jailed for 14 years for treason". Al Jazeera. Retrieved 2024-03-10.
  5. 1 2 "Cyber firm Group-IB to split Russian, international businesses". Reuters. July 6, 2022.
  6. Marrow, Alexander (April 20, 2023). "Cyber firm Group-IB finalizes Russia split to spur global ambitions". Reuters.
  7. https://www.theregister.com/2023/06/29/russian_facct_employee_extradiation/
  8. "F.A.S.S.T. created the Cybersecurity Center". TAdviser.ru. Retrieved 2024-11-21.
  9. "Cyber-espionage group Cloud Atlas targets Russian companies with war-related phishing attacks". therecord.media. Retrieved 2024-11-21.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.