Uptime Hamster: 14d 22h 24mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza GroupIB_TI

GroupIB_TI

11 incidentes 1 paises 2 sectores Ultimo: 2026-06-25
Ver en IntelTracker → APTTrail →

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
Forounknownnitter.netGroup-IB Threat Intelligence: The Y2K Operators threat actor is using sophisticated #socialengineering lures, disguising payloads as legitimate software, cracked applications, gaming cheat tools (e.g., Roblox), and used PDF decoy documents.
X/Twitterunknownx.comGroup-IB Threat Intelligence: Since January 2025, Group-IB has tracked over 2,500 #phishing domains tied to a single #PhaaS ecosystem known as the "Phoenix System" (不死鳥系統), which has targeted more than 70 organizations across financial services, telecom, and logistics.
DLS / leak siteunknownnitter.netGroup-IB Threat Intelligence: Group-IB telemetry has identified over 62,000 compromised endpoints across more than 160 countries infected with #MilleniumRAT (4.x). The infection velocity is alarming, with over 39,000 of these detections occurring in Q1 2026 alone, representing 64% of all infections. This demonstrates a rapidly accelerating global campaign.
DLS / leak siteunknownnitter.netGroup-IB Threat Intelligence: Pinned: #MilleniumRAT (v4.x) marks a significant evolution in the threat landscape. The #malware has been completely rewritten from .NET to a native C++ application, removing .NET dependencies. This architectural shift enables greater stealth and resilience, making detection more challenging. The #Telegram Bot API remains the core C2 mechanism.
DLS / leak siteunknownnitter.netGroup-IB Threat Intelligence: SilabRAT places significant emphasis on #cryptocurrency theft. Beyond harvesting credentials and browser data, it can identify wallet-related artifacts and automatically attempt password recovery using credentials collected from infected systems. These additions reflect the growing focus on direct monetization within modern #malware ecosystems.
DLS / leak siteunknownnitter.netGroup-IB Threat Intelligence: One of SilabRAT's most notable capabilities is its use of Hidden Virtual Network Computing (HVNC). By interacting with services directly from the victim's device, attackers can perform account activity, access sensitive platforms, and conduct fraudulent operations while appearing as a legitimate user originating from the trusted device and IP address. #InfoSec
DLS / leak siteunknownnitter.netGroup-IB Threat Intelligence: As browser security evolves, attackers are moving beyond traditional cookie theft. #SilabRAT advertises browser profile cloning, allowing operators to replicate a victim's browser environment, including extensions, storage, and fingerprinting artifacts. This enables access to authenticated sessions that may otherwise resist conventional session hijacking techniques. #CyberThreats #ThreatIntelligence
DLS / leak siteunknownnitter.netGroup-IB Threat Intelligence: Validation of sample datasets from claims targeting Gulf banks showed that names and phone numbers were sourced from the 2021 Facebook leak while corresponding password hashes were taken from the October 2020 Eatigo breach, creating composite records that contain legitimate individual identifiers but do not represent actual customers of the targeted organizations.
Forounknownnitter.netGroup-IB Threat Intelligence: These brokers, operating channels like #Aiqianjin and #YiqunData on Telegram, in addition to other individual brokers on dark web forums such as Exchange Market and Chang'An Sleepless Night, post between 500 to over 1,000 messages monthly across these platforms — a volume that would represent an unprecedented number of real breaches if true.
Forounknownnitter.netGroup-IB Threat Intelligence: Chinese-speaking data brokers are flooding #darkweb forums and #Telegram with advertisements for massive datasets, but Group-IB analysis shows these are largely compiled from prior breaches like the 2021 Facebook leak and the 2020 Eatigo incident.
DLS / leak siteunknownnitter.netGroup-IB Threat Intelligence: Victimology analysis shows overlapping global targeting across both campaigns. Reward Points phishing primarily targets #financial services and telecom users across #APAC, while Failed Parcel Delivery campaigns focus on logistics entities across Europe, APAC, and the US. Despite sector-specific lures, the geographic distribution and brand impersonation patterns indicate coordinated deployment within the same smishing infrastructure. #ThreatIntel
DLS / leak siteunknownnitter.netGroup-IB Threat Intelligence: Since January 2025, Group-IB has tracked over 2,500 #phishing domains tied to a single #PhaaS ecosystem known as the "Phoenix System" (不死鳥系統), which has targeted more than 70 organizations across financial services, telecom, and logistics.
Victimas
5
TTPs unicas
1
Info robada historica
N/D
Rescates reclamados
N/D
Pagos detectados
N/D

TTPs observadas

T1566 Phishing

Paises afectados

United States (4)

Sectores atacados

Software (1) Media (9)

URLs nuevas detectadas en IntelTracker

nitter.net x.com nitter.net nitter.net nitter.net nitter.net nitter.net nitter.net nitter.net nitter.net nitter.net nitter.net

Victimas (5)

Group-IB Threat Intelligence: Pinned: #MilleniumRAT (v4.x) marks a significant evolution in the threat landscape. The #malware has been completely rewritten from .NET to a native C++ application, removing .NET dependencies. This architectural shift enables greater stealth and resilience, making detection more challenging. The #Telegram Bot API remains the core C2 mechanism.25 Jun 2026
Malware Media
Pinned: #MilleniumRAT (v4.x) marks a significant evolution in the threat landscape. The #malware has been completely rewritten from .NET to a native C…
Group-IB Threat Intelligence: SilabRAT places significant emphasis on #cryptocurrency theft. Beyond harvesting credentials and browser data, it can identify wallet-related artifacts and automatically attempt password recovery using credentials collected from infected systems. These additions reflect the growing focus on direct monetization within modern #malware ecosystems.10 Jun 2026
Malware United States Media
SilabRAT places significant emphasis on #cryptocurrency theft. Beyond harvesting credentials and browser data, it can identify wallet-related artifact…
Group-IB Threat Intelligence: Validation of sample datasets from claims targeting Gulf banks showed that names and phone numbers were sourced from the 2021 Facebook leak while corresponding password hashes were taken from the October 2020 Eatigo breach, creating composite records that contain legitimate individual identifiers but do not represent actual customers of the targeted organizations.20 May 2026
Breach Media
Validation of sample datasets from claims targeting Gulf banks showed that names and phone numbers were sourced from the 2021 Facebook leak while corr…
Group-IB Threat Intelligence: Victimology analysis shows overlapping global targeting across both campaigns. Reward Points phishing primarily targets #financial services and telecom users across #APAC, while Failed Parcel Delivery campaigns focus on logistics entities across Europe, APAC, and the US. Despite sector-specific lures, the geographic distribution and brand impersonation patterns indicate coordinated deployment within the same smishing infrastructure. #ThreatIntel29 Apr 2026
Phishing United States Media
Victimology analysis shows overlapping global targeting across both campaigns. Reward Points phishing primarily targets #financial services and teleco…
Group-IB Threat Intelligence: Since January 2025, Group-IB has tracked over 2,500 #phishing domains tied to a single #PhaaS ecosystem known as the "Phoenix System" (不死鳥系統), which has targeted more than 70 organizations across financial services, telecom, and logistics.29 Apr 2026
Phishing United States Media
Since January 2025, Group-IB has tracked over 2,500 #phishing domains tied to a single #PhaaS ecosystem known as the "Phoenix System" (不死鳥系統…