
Latest news with #DmitryVolkov

Chinese tech firm Tencent seeks removal of anti-censorship archive FreeWeChat, watchdog says

HKFP

3 days ago


Chinese tech giant Tencent is seeking the removal of an archive developed by GreatFire, according to a statement released by the anti-censorship group last week. The website specialises in surfacing deleted or blocked WeChat posts on politically sensitive topics.

According to the statement, the conglomerate's legal representative, Group-IB, accused FreeWeChat of trademark and copyright infringement, submitting a takedown complaint to the site's hosting provider on June 12.

GreatFire have denied the claims: 'They cite the use of the word "WeChat" in our domain, even though FreeWeChat does not use WeChat's logo, claim affiliation, or distribute any modified WeChat software. The claim is thin, but the intent is clear: shut down a watchdog.'

'This escalation comes amid a tightening censorship regime inside China and dwindling international support for digital rights work due to foreign aid cuts,' they added.

Although the group rebutted the allegations, the hosting provider complied and removed an instance of the site, GreatFire said. It was 'a troubling indication of how even flimsy legal threats can silence public-interest platforms,' it added.

Nevertheless, the site was accessible as of HKFP's checks on Thursday, with GreatFire saying it will not comply with the takedown order and was seeking legal assistance and technical support to ensure the website remains accessible.

A spokesperson told HKFP on Wednesday that they 'already had two hosts for this website – as far as we know, the second one has not been contacted or, if they have, they have not taken action… we hope that our hosting provider will change their decision and – if not – we will pursue legal action.'

Tencent did not respond to a request for comment on Wednesday.

Transparency platform

Launched in 2016, FreeWeChat was designed to challenge growing censorship in China. The site archives and republishes public posts from official WeChat accounts, allowing users to view censored content, including posts removed from the Tencent-owned platform due to political sensitivity.

'With over 175,000 unique visitors in the past three months, the site serves researchers, journalists, and Chinese citizens seeking transparency about the topics WeChat's owner, Tencent, suppresses,' said GreatFire in the statement.

'This isn't our first battle, nor will it be our last. Over the years, our projects have documented thousands of censored articles, circumvented China's Great Firewall… With the support of our users and allies, we will continue to shine a light on censorship, no matter how hard its corporate and state sponsors try to shut it off,' they added.

Group-IB's leadership includes entrepreneur Dmitry Volkov and Craig Jones, former director of cybercrime at INTERPOL.

Cyber Threats in 2025: How Key Stakeholders in the Middle East Can Stay One Step Ahead

Khaleej Times

26-06-2025


In an era marked by fast-paced digitisation and AI-driven innovation, the region's strategic sectors - finance, government, telecom - have become prime targets for an increasingly sophisticated breed of cybercriminals. From deepfake-powered scams to state-backed espionage, the threats are no longer at the door - they're already inside the system.

In a recent video interview, Dmitry Volkov, CEO of Group-IB, shared exclusive insights on the findings of the firm's High-Tech Crime Trends Report 2025, a comprehensive guide that's fast becoming essential reading for CISOs and other decision makers in the region.

"Cybercrime today is not just evolving, it's adapting to the way we work, live, and build," says Volkov. "Threat actors are using artificial intelligence, targeting regional economic powerhouses, and exploiting our own digital infrastructure against us."

According to Group-IB's latest findings, the most urgent threat sweeping across the Middle East is fraud in all its forms, especially AI-powered fraud, which includes deepfakes, voice cloning, and hyper-targeted phishing attacks.

"What's particularly alarming is how attackers are now impersonating oil and gas firms rather than banks," explains Volkov. "They're adapting to the region's economic structure and exploiting public trust in iconic brands and institutions."

Persistent Threats and the Rise of Hacktivism

Advanced Persistent Threat (APT) groups, many of which are nation-state sponsored, are now targeting sectors that form the backbone of regional security. These attackers are no longer just stealing data, they're laying the groundwork for long-term disruption.

"Some threat actors are leveraging politically motivated hacktivists to do their bidding - often unknowingly," Volkov adds. "We're seeing coordinated campaigns where hacktivism and espionage blur dangerously."

For security leaders, the technical landscape is clear. Email remains a top entry point for attackers, with phishing campaigns evolving in complexity. Meanwhile, remote access tools like VPNs and firewalls meant to protect are now being exploited for lateral movement within networks.

"CISOs must closely monitor both compromised credentials on the dark web and internal access controls," warns Volkov. "It's no longer about building a wall - it's about monitoring every door and window, continuously."

Building Cyber Resilience from the Inside Out

So how can organizations stay ahead? According to Volkov, the key lies in building end-to-end cyber resilience from the cloud to the customer.

"In sectors like finance and telecom, behavior-based threat detection is crucial," he says. "It's not enough to know something went wrong, you have to detect what's out of character before the damage is done."

Moreover, with AI becoming central to business strategies, securing the full AI lifecycle - from data ingestion to model deployment - has emerged as a new boardroom priority.

Group-IB's Three-Pronged Defense Strategy

To address these evolving threats, Group-IB is helping businesses secure their environment across three key dimensions.

First, beyond the perimeter, the company's Threat Intelligence solutions offer early warnings by monitoring dark web activity and tracking threat actors before they strike. "We don't wait for an attack to happen, we anticipate it," says Volkov.

Second, at the perimeter, Group-IB's External Attack Surface Management simulates how hackers view a business, identifying and patching the most vulnerable entry points. "If you don't know what's exposed, you can't protect it," he explains.

Finally, inside the network, the company's Managed Extended Detection and Response (XDR) solution consolidates detection and response across emails, endpoints, servers, and cloud infrastructure. This gives security teams full visibility and enables fast incident remediation. As Volkov puts it, "It's the difference between a breach becoming a headline - or a footnote."

Why CISOs Need the 2025 Report

"To make the right decisions, you need to understand the wrong moves others have made - before you repeat them," he advises. "This report helps leaders not just react, but predict, plan, and prepare."

Group-IB Announces Support For INTERPOL's Operation Secure

Channel Post MEA

19-06-2025


Group-IB has announced its support for Operation Secure, a major law enforcement initiative led by INTERPOL across the Asia-Pacific region. The operation resulted in the arrest of 32 suspects and the dismantling of vast criminal infrastructures responsible for infostealer malware campaigns targeting individuals and businesses worldwide.

Conducted between January and April 2025, Operation Secure was coordinated by INTERPOL under the Asia & South Pacific Joint Operations Against Cybercrime (ASPJOC) framework. It brought together law enforcement agencies from 26 countries and private cybersecurity firms including Group-IB, Kaspersky, and Trend Micro.

Group-IB played a central role in providing threat intelligence on infostealer malware such as Lumma, Risepro, and META Stealer. This malware is used by cybercriminals to steal sensitive information, including login credentials, cookies, payment details, and crypto wallet data, often serving as the initial vector for more damaging attacks such as financial fraud and ransomware.

Through the collective efforts of law enforcement and cybersecurity partners, more than 20,000 malicious IPs and domains were taken offline, effectively neutralizing 79% of the identified malicious infrastructure. In addition, 41 servers were seized, and more than 100 GB of stolen data was recovered, including compromised credentials linked to over 216,000 victims, all of whom have since been notified to take protective actions.

The operation also led to 32 arrests, including 18 individuals in Vietnam, and another 14 across Sri Lanka and Nauru. In Vietnam, authorities seized over VND$300 million in cash, multiple SIM cards, and business registration documents connected to illicit cyber activity. In Hong Kong, investigators discovered 117 command-and-control servers hosted across 89 different ISPs, underlining the global spread of the threat infrastructure.

Neal Jetton, INTERPOL's Director of Cybercrime, emphasized the significance of cross-border collaboration, stating: 'INTERPOL continues to support practical, collaborative action against global cyber threats. Operation Secure has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses.'

Dmitry Volkov, CEO of Group-IB, echoed the importance of public-private cooperation: 'The compromised credentials and sensitive data acquired by cybercriminals through infostealer malware often serve as initial vectors for financial fraud and ransomware attacks. By sharing actionable intelligence with INTERPOL and local law enforcement agencies, we are helping to dismantle the infrastructure behind these attacks and protecting both organizations and individuals globally.'

Group-IB's collaboration with INTERPOL extends beyond the Asia-Pacific region. The company also supported Operation Red Card, a major international crackdown on cybercrime across Africa that led to the arrest of over 300 cybercriminals and the disruption of criminal networks behind scams targeting thousands of victims.

As an official INTERPOL Gateway Partner and an active contributor to global investigations, Group-IB works closely with international law enforcement bodies including INTERPOL, EUROPOL, and AFRIPOL to build a safer cyberspace. The company is also a member of EUROPOL's European Cybercrime Centre (EC3) Advisory Group on Internet Security, which strengthens cooperation between Europol and trusted private-sector partners.

Group-IB remains committed to supporting intelligence-led operations that help dismantle cybercriminal infrastructure and protect individuals and businesses worldwide.

Group-IB has participated in 1,550 global cybersecurity cases

Zawya

02-06-2025


Cairo - Dmitry Volkov, the Founder and CEO of Group-IB, highlighted the significant evolution of cyberattacks in recent years, stating that their impact now extends beyond financial losses to include reputation and trust, which are essential for the success of organizations.

'In the past, the cost of a cyberattack was measured in small financial amounts. Today, the situation is entirely different; the cost encompasses both money and reputation. For instance, if a bank suffers a cyberattack and customers start discussing on social media that the bank does not adequately secure their data, this can severely damage the bank's image. Customers might revert to waiting in line at branches rather than using digital applications, posing a major challenge for the bank.'

He added, 'To become an expert and a technical witness in this field, one must undergo tough and challenging experiences. We call this "going through the mill," which is a necessary experience to gain true knowledge. At Group-IB, we believe our credibility stems from our ability to train and qualify human resources, not just from providing technical services.'

'Fraud is everywhere. We stop it.'

He continued, 'We use the term "fraud" to describe a variety of deceptive practices, including scam calls, phishing websites, and more. It's a global issue, and unfortunately, every time we look at the various schemes showing fraudulent activity, we find they are on the rise.'

Volkov noted that the company is committed to localizing technology in every market it operates in, explaining, 'We have high competencies and numerous specialized experts from strong security and technical backgrounds. This is an integral part of what we do in our centers worldwide, including France. We begin by localizing technology and then establish partnerships with many local institutes. We already have partnerships that enable us to offer recognized certifications and training courses.'

He added, 'Our training programs are among the best in this field because we have been working in this sector for over 22 years, and that's all we do. Even the technologies we use globally are developed in-house. We are, in fact, the only company that fully develops its technologies with its own teams.'

Volkov explained that the company employs a significant number of staff with security backgrounds, stating, 'These employees combine security and technical expertise, and they are the ones developing our products. Even the tools used by security agencies globally are developed by us. This gives our technologies credibility and strength.'

He continued, 'We contribute by providing information and analysis regarding the complex strategies of cyberattacks. For example, Group-IB has participated in 1,550 global cybersecurity cases, a number that reflects our volume of work and impact. We don't just offer consulting services; we work with law enforcement and participate in investigations.'

Volkov emphasized the importance of cybersecurity, stating, 'If you don't invest in cybersecurity, you won't have a digital economy.' He explained, 'People now realize that cybersecurity is not just a cost center but is critical to developing a successful digital economy.'

The 3 Masked Hackers Behind The World's Most Prolific Cyberattacks

Forbes

13-05-2025


10 masked cybercrime actors revealed.

From ransomware attacks demanding ridiculous payments of $1 trillion, or using insidious methods to watch victims at work, through to hackers stealing billions of passwords and publishing them to the dark web, cybercrime has never been as rife as it is today. Despite the best efforts of everyone from Google, Microsoft, and even the FBI, the attacks continue. But who are the hackers behind the crimes, the threat actors operating in the shadows to deliver these attacks? A newly published report has analyzed more than 1500 separate cybercrime investigations to reveal the most prolific cybercriminal groups, the masked hackers that continue to shape the threatscape.

New threat actors are continually emerging across the criminal landscape, often arising from the ashes of cybercrime groups that have been disrupted by law enforcement or have suffered from internal conflicts that lead to their disbandment. While some of these will gain traction and, in time, become an unwelcome addition to the cybersecurity lexicon, most will fall by the wayside. Those groups that have not only survived but are prospering are among the most prolific criminal actors operating today.

'Cross-border investigations and intelligence sharing are increasingly constrained by jurisdictional divides,' Dmitry Volkov, the Group-IB CEO, said, 'creating gaps that cybercriminals are quick to exploit.' Perhaps that partly explains why these gangs experience such longevity and success.

The May 13 High-Tech Crime Trends Report 2025 has analyzed more than 1,500 cybercrime investigations, enabling Group-IB threat intelligence analysts to identify who these groups are. It may come as something of a surprise, even to those who follow cybercrime reporting religiously, that the vast majority of the names on the list are unfamiliar. Before we get to that, however, let's take a look at some of the other intelligence that this report has revealed concerning the cybercriminal threat landscape across 2024:

The U.S. hit hardest by ransomware attacks in 2024.

Although the full report is well worth reading, I would be doing a disservice if I didn't highlight the most prolific threat actors called out by the intelligence analysts across one or two important sectors. There's the intriguingly-named 'NoName057(16)' sitting at the top of the hacktivist groups tree. Pro-Russian, and primarily using Distributed-Denial-of-Service attacks against government and financial institutions, NoName057(16) is said to be driven by 'political motives, particularly against information resources located in Europe.'

When it comes to APT attacks, Dark Pink sits at the top of the list by number of attacks, but Group-IB was unable to attribute these connected campaigns to any specific group. So, for me at least, that puts APT28 at number one - another Russian-speaking group, known to employ the currently highly-exploited ClickFix attack methodology using malicious CAPTCHA dialogs.

OK, let's move on to those three masked actors, the cybercriminal groups that have dominated cyberattacks during the past year, according to Group-IB threat intelligence.

The RansomHub ransomware-as-a-service operators, arising from the ashes of the infamous ALPHV or BlackCat group before it, are the prime cybercriminal gang. Since launching at the start of 2024, RansomHub has 'already surpassed even long-established cybercriminals in attacks,' according to the report, and is now the dominant force in the ransomware threat sector.

RansomHub - the number one most prolific cybercrime gang.

Sitting behind RansomHub, which you may have heard of, is GoldFactory, which you likely haven't. This mobile banking malware group was behind the first iOS banking trojan, which harvested facial recognition data to use in attacks.

And in third place, one you will definitely know: Lazarus. This nation-state actor, which is known to keep rising from the dead, hence the original name, although it operates under many a pseudonym to evade detection, is thought to operate under the control of the North Korean intelligence agency, the Reconnaissance General Bureau.

One thing is certain: these masked hackers, all of whom are included in the report and featured in an accompanying podcast, are well worth getting to know if you want to stay ahead in your defense efforts against them.
