Masked Actors

Send us Fan MailCryptocurrency promised huge potential for investors. But it’s cybercriminals who are reaping the benefits. From multimillion-dollar ransomware payouts to borderless money laundering, cryptocurrency has quietly become the fuel powering a global cybercrime economy.As regulation evolves across multiple jurisdictions, gaps, inconsistencies, and the borderless nature of crypto continue to give criminal threat actors a simple workaround: move somewhere the rules don’t reach. This has created opportunities for cybercrime that groups such as TeamTNT have been quick to exploit.In this episode of Masked Actors, Group-IB’s Gary Ruddell and Nick Palmer are joined by Erica Stanford, Digital Asset, Crypto and AI Specialist at law firm CMS. She reveals the shadowy infrastructure and trail of crypto-enabled cybercrime that keeps hacking gangs like TeamTNT moving.By understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe to learn more about Group-IB's top 10 Masked Actors  - and stay one step ahead in the fight against cybercrime.FOLLOW GROUP-IBGroup-IB Threat Intelligence on X:   https://www.x.com/GroupIB_TIGroup-IB on X:  https://www.x.com/GroupIBGroup-IB on LinkedIn:  https://www.linkedin.com/company/group-ibGroup-IB on Facebook: https://www.facebook.com/groupibHQ/ Group-IB on Instagram: ...

Send us Fan MailIf evolution has taught humanity anything, it’s that adaptation is key to survival. As prey develop camouflage techniques, predators get faster, sturdier, and better at detection. Now this game of cat and mouse is taking over the digital world. All cybergangs are on a cycle of relentless adaptation – but a group that stands out from all the rest is Boolka, innovating near-constantly since it first landed on the cybercriminal scene in 2022. Its primary goal is to steal user data across high traffic websites – from usernames, passwords and even credit card information, and sell it for profit on the dark web. Group-IB’s Gary Ruddell and Nick Palmer are joined by Joel Fromont, Senior Manager of the EMEA Security Specialists Solutions Architect team at AWS, where they discuss how commercially minded adversaries innovate to stay active and avoid detection, how businesses can effectively respond to such a constantly moving target, and what steps can be taken by users to protect themselves online. By understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe to learn more about Group-IB's top 10 Masked Actors  - and stay one step ahead in the fight against cybercrime.FOLLOW GROUP-IBGroup-IB Threat Intelligence on X:   https://www.x.com/GroupIB_TIGroup-IB on X:  https://www.x.com/GroupIBGroup-IB on LinkedIn:  https://www.linkedin.com/company/group-ibGroup-IB on Facebook: https://www.facebook.com/groupibHQ/ Group-IB on Instagram: ...

Send us Fan MailIndonesia, June 2024 - 210 critical government agencies were crippled in one fell swoop. Immigration services were in disarray; customs officers locked out of critical systems and travellers left stranded in airport and ferry terminals facing delays that would continue for a full week.The culprit? Brain Cipher, a ransomware group barely a week old, which demanded a huge sum of $8M from Indonesia’s National Data Centre, bringing local government services to their knees. The chaos that followed lingers as a potent reminder of the widespread disruption across an entire nation that can stem from a single attack.Join Group-IB’s Gary Ruddell and Nick Palmer as they talk to Jennifer Soh, Cyber Investigation Lead for APAC at Group-IB, exploring what motivates cyber criminals to target national infrastructure, and what happens when the pillars that hold up our modern digital society - from government and defence to energy- are struck by cyber-attacks.Episode links:Group-IB's Top 10 Masked ActorsDeciphering the Brain Cipher RansomwarePatch or Peril: A Veeam vulnerability incidentBy understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe to learn more about Group-IB's top 10 Masked Actors  - and stay one step ahead in the fight against cybercrime.FOLLOW GROUP-IBGroup-IB Threat Intelligence on X:   https://www.x.com/GroupIB_TIGroup-IB on X:  https://www.x.com/GroupIBGroup-IB on LinkedIn:  https://www.linkedin.com/company/group-ibGroup-IB on Facebook: https://www.facebook.com/groupibHQ/ Group-IB on Instagram: ...

Send us Fan MailCyber criminals are masters at exploiting human vulnerability and trust. In Uzbek folklore, there's a creature known for causing chaos, preying on humans, lurking in the dark and changing its face to trick its victims before it pounces.  In December 2023, it lent its name to a sophisticated Android malware campaign using the same tactics that emerged in the digital underworld. The banking malware masqueraded as legitimate applications, leaving users confused – like its folklorish namesake – and surfaced from the dark to steal everything they had. Its codename: Ajina. Join Group-IB’s Gary Ruddell and Nick Palmer as they speak with Amy Grieveson, Director of Security and Behaviours at Monzo Bank, revealing the tricks used by financial fraudsters to get victims to hand over their most sensitive information. They discuss sophisticated social engineering deployed by cyber criminals, as well as how to flip the narrative around cyber defence from fear, to empowering consumers with the awareness and routines needed to maintain vigilance in a landscape rife with scams. Episode links:Group-IB's Top 10 Masked ActorsAjina attacks Central Asia: Story of an Uzbek Android PandemicBy understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe to learn more about Group-IB's top 10 Masked Actors  - and stay one step ahead in the fight against cybercrime.FOLLOW GROUP-IBGroup-IB Threat Intelligence on X:   https://www.x.com/GroupIB_TIGroup-IB on X:  https://www.x.com/GroupIBGroup-IB on LinkedIn:  https://www.linkedin.com/company/group-ibGroup-IB on Facebook: https://www.facebook.com/groupibHQ/ Group-IB on Instagram: ...

Send us Fan MailAs digital infrastructure becomes the backbone of global economies, cyber espionage has quietly evolved into one of the most powerful tools in modern statecraft. Behind the scenes, nation-backed threat groups like MuddyWater and OilRig operate sophisticated campaigns that blend malware, phishing, and social engineering to infiltrate governments, defence contractors, and critical industries. But these Advanced Persistent Threat groups aren’t motivated by fame or by fortune. They’re after insights on matters of national security, looking for long-term access to strategic intelligence, and preparing tactical disruption of their adversaries.  In this episode, Group-IB’s Gary Ruddell and Nick Palmer speak with Mansour Alhmoud, a cyber threat intelligence analyst at Group-IB responsible for tracking APT groups, to unearth how these groups operate and what organizations and governments should be doing to protect themselves against state-sponsored threats.Episode links:Group-IB's Top 10 Masked ActorsCatching fish in muddy watersClickFix: The Social Engineering Technique Hackers Use to Manipulate VictimsSimpleHarm: Tracking MuddyWater’s infrastructure"We find many things that others do not even see"Mapping the Infrastructure and Malware Ecosystem of MuddyWaterBy understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe to learn more about Group-IB's top 10 Masked Actors  - and stay one step ahead in the fight against cybercrime.FOLLOW GROUP-IBGroup-IB Threat Intelligence on X:   https://www.x.com/GroupIB_TIGroup-IB on X:  https://www.x.com/GroupIBGroup-IB on LinkedIn:  https://www.linkedin.com/company/group-ibGroup-IB on Facebook: https://www.facebook.com/groupibHQ/ Group-IB on Instagram: ...

Send us Fan MailForget everything you think you know about hackers. Today’s cybercriminals aren’t lurking in shadowy basements - they’re teenagers mastering cheat codes on Roblox, swapping tips on Discord, and using AI to launch attacks from their bedrooms.Join Group-IB’s Gary Ruddell and Nick Palmer as they sit down with Fergus Hay, CEO and co-founder of The Hacking Games, to explore how cybercrime is becoming more accessible than ever. They dive into the rise of Ransomware-as-a-Service (RaaS), the impact of generative AI, and why the next wave of ethical hackers should be recruited from gaming platforms..This episode unpacks the motivations driving young hackers, the pathway from gaming to cybercrime, and the urgent need to rethink how we recruit and inspire the next generation of cybersecurity defenders.Episode links:Group-IB's Top 10 Masked ActorsBy understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe to learn more about Group-IB's top 10 Masked Actors  - and stay one step ahead in the fight against cybercrime.FOLLOW GROUP-IBGroup-IB Threat Intelligence on X:   https://www.x.com/GroupIB_TIGroup-IB on X:  https://www.x.com/GroupIBGroup-IB on LinkedIn:  https://www.linkedin.com/company/group-ibGroup-IB on Facebook: https://www.facebook.com/groupibHQ/ Group-IB on Instagram: ...

Send us Fan MailWhen RansomHub, one of the most prolific ransomware groups, vanished overnight back in April, it sent shockwaves through the cybercriminal underworld. With over 600 global attacks and millions extorted, their sudden disappearance left affiliates scrambling and researchers asking: what happened?Join Group-IB’s Gary Ruddell and Nick Palmer as they speak with Pietro Albuquerque, a threat intelligence analyst at Group-IB and a leading expert on RansomHub, to unpack the rise and fall of this ransomware cartel. They explore how RansomHub’s affiliate-friendly model disrupted the RaaS market, why its tactics proved so effective, and where its members may have gone.From double extortion to underground job markets, this episode reveals the hidden mechanics of ransomware operations and what businesses must do to stay ahead of the next wave.By understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe now to meet these Masked Actors — and stay one step ahead in the fight against cybercrime.Episode links:Group-IB's Top 10 Masked ActorsRansomHub ransomware-as-a-serviceRansomHub Never Sleeps: The evolution of modern ransomwareRansomware debris: an analysis of the RansomHub operationRansom notes from the most active groupsBy understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe to learn more about Group-IB's top 10 Masked Actors  - and stay one step ahead in the fight against cybercrime.FOLLOW GROUP-IBGroup-IB Threat Intelligence on X:   https://www.x.com/GroupIB_TIGroup-IB on X:  https://www.x.com/GroupIBGroup-IB on LinkedIn:  https://www.linkedin.com/company/group-ibGroup-IB on Facebook: https://www.facebook.com/groupibHQ/ Group-IB on Instagram: ...

Send us Fan MailEmpty shelves, lost customers, and hundreds of millions of pounds in lost profit are just some of the outcomes that retailers have faced in the wake of recent ransomware attacks. From the Co-operative to M&S, the recent cyber attacks on UK retail giants have dominated headlines and wreaked havoc that’s been felt by customers, staff, and government officials alike. The culprits behind it? A highly organised group of ransomware specialists, codename: DragonForce. Join Group-IB’s Gary Ruddell and Nick Palmer as they speak with Jason Rebholz, an expert on the ransomware ecosystem, with over a decade of experience performing forensic investigations into complex cyberattacks. In this episode, they unpack how DragonForce evolved into a ransomware cartel, franchising their malware to affiliates like Scattered Spider, whose sophisticated social engineering tactics have significantly disrupted UK retail. They explore the wide-ranging impact on both businesses and consumers, offering insights into how each can better protect themselves. Finally, they examine the role of policy and regulation in preventing future attacks and strengthening cyber resilience.By understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe now to meet these Masked Actors — and stay one step ahead in the fight against cybercrime.Episode links:Group-IB's Top 10 Masked ActorsInside the Dragon: DragonForce Ransomware GroupBy understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe to learn more about Group-IB's top 10 Masked Actors  - and stay one step ahead in the fight against cybercrime.FOLLOW GROUP-IBGroup-IB Threat Intelligence on X:   https://www.x.com/GroupIB_TIGroup-IB on X:  https://www.x.com/GroupIBGroup-IB on LinkedIn:  https://www.linkedin.com/company/group-ibGroup-IB on Facebook: https://www.facebook.com/groupibHQ/ Group-IB on Instagram: ...

Send us Fan MailIn December 2014, Sony Pictures announced they were cancelling the release of Seth Rogan’s newest venture The Interview due to a large-scale cyberattack. And in February of this year, global cryptocurrency exchange Bybit suffered a massive attack resulting in the theft of $1.5 billion. These masked actors are still active. But now, they’ve turned their attention to companies like yours...Join Group-IB’s Gary Ruddell and Nick Palmer as they speak with Geoff White, one of the worlds leading journalists covering organized crime and tech and the author of The Lazarus Heist – From Hollywood to High Finance: Inside North Korea’s Global Cyber War as they explore the infamous Lazarus group.In this episode, they delve into the groups’ latest modus operandi – infiltration campaigns, whereby North Korean hackers pose as remote IT employees to funnel information through the backdoor and leave logic bombs in code that they can trigger years or months down the line. They look at how this shifts the responsibility model for cybersecurity, requiring vigilance from across the organisation for unusual behaviour.By understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe now to meet these Masked Actors — and stay one step ahead in the fight against cybercrime.Episode links:Group-IB's Top 10 Masked ActorsLazarus Arisen: Architecture, Tools and AttributionStealthy Attributes of Lazarus APT Group: Evading Detection with Extended AttributesAPT Lazarus: Eager Crypto Beavers, Video calls and GamesBy understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe to learn more about Group-IB's top 10 Masked Actors  - and stay one step ahead in the fight against cybercrime.FOLLOW GROUP-IBGroup-IB Threat Intelligence on X:   https://www.x.com/GroupIB_TIGroup-IB on X:  https://www.x.com/GroupIBGroup-IB on LinkedIn:  https://www.linkedin.com/company/group-ibGroup-IB on Facebook: https://www.facebook.com/groupibHQ/ Group-IB on Instagram: ...

Send us Fan MailIf a cybercriminal steals your password, you can change it. But what happens if they steal your face? Former soldier turned hacker, Gary Ruddell and financial crime veteran, Nick Palmer, explore the actors behind GoldFactory - a cybercriminal group stealing users' facial recognition data to clean out victims bank accounts.Joined by Craig Jones, who spent five years at Interpol as the director of cybercrime, Group-IB's Gary and Nick explore how masked actors are exploiting AI and Deepfakes for financial gain. In this episode, they dig into the novel tactics of this Chinese-speaking group who created a first of its kind iOS trojan to steal biometric data and bypass banking facial recognition security systems. Together they unpick how cybercriminals are adopting new technologies and franchising their efforts to manipulate more victims and increase their payoff.By understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe now to meet these Masked Actors — and stay one step ahead in the fight against cybercrime.Episode links: Group-IB's Top 10 Masked ActorsFace Off: Group-IB identifies first iOS trojan stealing facial recognition dataGold Rush is back to APAC: Group-IB unveils first iOS trojan stealing your faceBy understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe to learn more about Group-IB's top 10 Masked Actors  - and stay one step ahead in the fight against cybercrime.FOLLOW GROUP-IBGroup-IB Threat Intelligence on X:   https://www.x.com/GroupIB_TIGroup-IB on X:  https://www.x.com/GroupIBGroup-IB on LinkedIn:  https://www.linkedin.com/company/group-ibGroup-IB on Facebook: https://www.facebook.com/groupibHQ/ Group-IB on Instagram: ...

Send us Fan MailWelcome to Masked Actors — a true crime-inspired podcast from Group-IB that brings you face to face with the people orchestrating some of the most sophisticated cyberattacks on the planet. Join hosts Gary Ruddell — former soldier turned hacker and cyber threat expert — and Nick Palmer, a financial crime veteran, for the gripping new series which uncovers the tactics, motivations and real-world impact of the top 10 most prolific cybercriminal organizations of 2025.By understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe now to meet these Masked Actors — and stay one step ahead in the fight against cybercrime.By understanding who these actors are and how they operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.Subscribe to learn more about Group-IB's top 10 Masked Actors  - and stay one step ahead in the fight against cybercrime.FOLLOW GROUP-IBGroup-IB Threat Intelligence on X:   https://www.x.com/GroupIB_TIGroup-IB on X:  https://www.x.com/GroupIBGroup-IB on LinkedIn:  https://www.linkedin.com/company/group-ibGroup-IB on Facebook: https://www.facebook.com/groupibHQ/ Group-IB on Instagram: ...