Welcome to EverybodyWiki 😃 ! Nuvola apps kgpg.png Log in or ➕👤 create an account to improve, watchlist or create an article like a 🏭 company page or a 👨👩 bio (yours ?)...


From EverybodyWiki Bios & Wiki

Group-IB is an international cybersecurity company, an official partner of Europol, OSCE, and the World Economic Forum.[1] The company is headquartered in Singapore.


Founded in 2003 by a group of Bauman Moscow State Technical University freshmen, led by Ilya Sachkov.[2][3]

In 2010, established the largest computer forensics laboratory in Eastern Europe.[4]

In 2011, Group-IB established its Computer Emergency Response Team (CERT).[5]

Since 2012 the company has been holding its annual CyberCrimeCon conference for threat hunting and threat intelligence researchers.

In 2015, Gartner included Group-IB Threat Intelligence in the top-7 global threat intelligence solutions along with products developed by IBM, FireEye, RSA and Check Point.[6]

In June 2019, Group-IB established its global headquarters in Singapore.


  • In 2019, Gartner listed Group-IB Secure Bank/Secure Portal in its 2019 Market Guide for Online Fraud Detection, having identified Group-IB as a Representative Vendor in Online Fraud Detection.
  • In 2019, Group-IB won the national finals of the Entrepreneurship World Cup.



In late 2014, Fox-IT and Group-IB jointly released a report on the Anunak (aka Carbanak) hacker group that had stolen more than 1 billion rubles from over 50 Russian banks. In Europe, Anunak attacked POS terminals of large retail store chains with data of several million clients infected.[7]

ISIS hacker attacks on Russian resources[edit]

In March 2015, Group-IB published research called "ISIS cyberattacks on Russian organizations", which covered hacking attempts into over 600 Russian Internet resources, made by the hackers of the Islamic State terrorist organization. In the study, Group-IB managed to link the attacks not only to the ISIS hacking division Cyber Caliphate but also to three other groups of over 40 people combined: Team System Dz, FallaGa Team, and Global Islamic Caliphate.[8]

Reverse ATM Attack[edit]

In autumn 2015, Group-IB reported a new type of targeted attacks — "Reverse ATM", which allowed criminals to steal money from ATMs. Five major Russian banks became victims of "Reverse ATM attacks" and thus lost 250 million rubles.[9]


In February 2016, Group-IB published a report titled "Analysis of attacks against trading and bank card systems" about the first major successful attack on a trading system that provoked major exchange volatility. In February 2015, the Corkow criminal group infected a trading system terminal of Kazan-based Energobank using specialized Trojan software, which resulted in trades of more than $400 million.[10]


In March 2016, Group-IB published a report on the activity of the Buhtrap criminal group that managed to conduct 13 successful attacks against Russian banks for a total amount of 1.8 billion rubles ($25.7 million) during the period from August 2015 to February 2016. The attack scheme outlined in the report published by Group-IB was later used to perform thefts via SWIFT.

Cobalt: logical attacks[edit]

In July 2016, 34 ATMs were robbed in Taiwan, which resulted in over $2 million being stolen. Group-IB uncovered the hackers' attack mechanism and released a report, which stated that the attacks across Europe are believed to have been conducted by a single criminal group called Cobalt. Since the two groups used similar tools and techniques, Group IB assumed that Cobalt was linked to the cybercrime gang dubbed Buhtrap.[11][12]

Lazarus: state-sponsored attack[edit]

In May 2017, Group-IB issued a report that proved there was a connection between Lazarus group, which stole $18 mln from Bangladesh Central Bank, conducted a number of attacks on Polish banks as well as attempted to infect hundreds of financial organizations in 30 countries around the globe, with North Korea. Company experts presented new evidence of Lazarus being linked to North Korea and revealed details of the attack.[13]


In July 2018, Group-IB experts conducted an incident response on the attack on PIR Bank (Russia), which resulted in the theft of 1 million US dollars, committed by the MoneyTaker hacking group. Funds were stolen on July 3 through the Russian Central Bank’s Automated Workstation Client (an interbank fund transfer system similar to SWIFT), transferred to 17 accounts at major Russian banks, and cashed out.


In September 2018, Group-IB released its first detailed report “Silence: Moving into the darkside” about the activities of a Russian-speaking hacker group Silence, which contained an in-depth analysis of the threat actor’s instruments, techniques, and attack scenarios.[14]

In August 2019, Group-IB released a technical report "Silence 2.0: going global". According to Group-IB’s data, the confirmed damage from Silence’s crimes totaled at least $4.2 million during the period from June 2016 to June 2019. The new report records a considerable expansion of the threat actor’s geography: analysts recorded Silence’s attacks in over 30 countries in Europe, Asia, and the CIS.


  1. "Customer Security Programme (CSP)". SWIFT. Retrieved 2019-11-07.
  2. "Криминалисты из интернета: как устроено главное в России кибердетективное агентство. Фото | Бизнес | Forbes.ru". www.forbes.ru. Retrieved 2018-08-08.
  3. Игорь Королев. Интерпол победил хакеров с помощью российского частного сектора. CNews, 29.04.2016
  4. Настя Черникова. Случай в Интернете. Esquire Россия, № 121, апрель 2016
  5. Group-IB запускает первый российский CERT. Security Lab, 25.10.2011
  6. Competitive Landscape: Threat Intelligence Services, Worldwide, 2017
  7. Thai bank shuts down half its ATMs after 'Eastern European cyber-gang' heist —
  8. Павел Кочегаров, Александр Раскин. Хакеры ИГИЛ зачастили в российский интернет. Газета «Известия», 20.10.2015
  9. Татьяна Алешкина. Хакеры изобрели новую схему воровства денег из банкоматов. РБК, 18.11.2015
  10. Павел Кантышев. Хакерская ловушка. Газета «Ведомости», № 4036, 18.03.2016
  11. Hackers target ATMs across Europe as cyber threat grows
  12. Ilya Khrennikov. New Russian Hacker Cell Hit 13 Banks Since August, Group-IB Says. Bloomberg, 17.03.2016
  13. "Специалисты Group-IB доказали связь Lazarus с Северной Кореей и изучили инструментарий группы - "Хакер"". «Хакер» (in русский). 2017-05-30. Retrieved 2018-08-08.
  14. Silence: Moving into the Darkside

This article "Group-IB" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Group-IB. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.