Group-IB

Company type: Private
Industry: Cybercrime
Founded: Moscow, Russia
Key people:
  • Dmitry Volkov, CEO, Singapore
  • Valery Baulin, CEO, Moscow
  • Ilya Sachkov, founder and owner (37.5%)

Group-IB is a cybersecurity company founded in 2003 in Moscow. In 2023, it split into two companies: a branch remaining in Moscow, branded F.A.C.C.T., and a branch in Singapore that kept the Group-IB name. [1]

History

Group-IB was founded in 2003 by Ilya Sachkov and Dmitry Volkov in Russia. The company moved to Singapore in 2019. [2] In July 2020, it received funding from the Cyber Security Agency of Singapore through venture capital firm TNB Ventures. [3]

It cooperated with the Guardia di Finanza (GdF) in the 2021 operation "No-vax free" to identify criminals trading in fake COVID-19 green passes. [4]

In September 2021, Ilya Sachkov, its co-founder and CEO, was detained by Russian authorities on treason charges. [5] He was sentenced to 14 years in prison. [6] The Russian and international businesses were later split, with the Russian business sold in April 2023 to its local management and rebranded FACCT. [7] [8] FACCT would market Group-IB products and services as a separate entity, allowing Group-IB to avoid a direct presence in Russia. [9] Ilya Sachkov maintains his involvement in the Russian business. [10]

In 2022, the firm worked with the Dutch police in an operation to apprehend alleged members of a phishing group. [11] [12] In 2023, the company split, with headquarters in Singapore and in Moscow. [1] In December 2023, the Moscow office discovered that a hacking group was targeting Russian companies with a war-related phishing attack. [13]

In 2024, Group-IB signed an MoU with AFRIPOL to strengthen cybersecurity capabilities and extended its strategic partnership with Interpol at the INTERPOL Global Complex for Innovation in Singapore. [14] [15] [16]

References

  1. Page, Carly (2023-11-01). "With its exit from Russia complete, Group-IB plans its US expansion". TechCrunch. Retrieved 2024-11-21.
  2. "Russian cyber titan Group-IB makes Singapore home". Channel Asia. Retrieved 2024-03-10.
  3. AIT News Desk (2020-07-30). "Group-IB Receives Funding from CSA". AiThority. Retrieved 2024-03-10.
  4. Redazione (2023-04-20). "Group-IB lascia il mercato russo e continua lotta a cyber crime". CyberSecurity Italia (in Italian). Retrieved 2024-03-10.
  5. "Russia detains cyber-security tycoon Ilya Sachkov in treason case". 2021-09-29. Retrieved 2024-03-10.
  6. "Russian cybersecurity chief jailed for 14 years for treason". Al Jazeera. Retrieved 2024-03-10.
  7. "Cyber firm Group-IB to split Russian, international businesses". Reuters. July 6, 2022.
  8. Marrow, Alexander (April 20, 2023). "Cyber firm Group-IB finalizes Russia split to spur global ambitions". Reuters.
  9. https://www.theregister.com/2023/06/29/russian_facct_employee_extradiation/
  10. "F.A.S.S.T. created the Cybersecurity Center". TAdviser.ru. Retrieved 2024-11-21.
  11. Starks, Tim (2021-07-23). "Dutch police bust alleged 'Fraud Family' phishing service members". CyberScoop. Retrieved 2024-03-10.
  12. Paganini, Pierluigi (2021-07-22). "Group-IB helps Dutch police identify members of phishing developer gang Fraud Family". Security Affairs. Retrieved 2024-03-10.
  13. "Cyber-espionage group Cloud Atlas targets Russian companies with war-related phishing attacks". therecord.media. Retrieved 2024-11-21.
  14. "INTERPOL and Group-IB extend strategic partnership to combat cybercrime worldwide - Defence & Security Middle East". Defence & Security Middle East. 2024-02-23. Retrieved 2024-03-28.
  15. "Cooperation AFRIPOL-GROUP IB to enhance cybersecurity across Africa - The AFRICAN Union Mechanism for Police Cooperation". 2024-02-20. Retrieved 2024-03-28.
  16. "AFRIPOL signs MoU with Group-IB to focus on cybersecurity - Edge Middle East". Edge Middle East. 2024-02-21. Retrieved 2024-03-28.