Threat Intelligence

Must-have cyber intelligence service to mitigate cyber threats

Learn about threats, leaks, attacks, and hacking activity before they can harm your business

Prompt attack and threat notifications for your company, clients and partners

Direct access to compromised data and TTPs of malicious activity

Detections, analysis and forecasts of hacking activity in the areas of your interest

Convenient web interface for data search and analysis – no installation required

STIX/TAXII ready, official OASIS Cyber Threat Intelligence (CTI) Technical Committee Member

24×7 Personal cyber intelligence analyst support: tailored reports, malware analysis and much more

We give you vital intelligence about upcoming threats and actual cyber security risks

It takes a few minutes to infect a computer, while incident detection and remediation activities may last months. Even if you feel confident in your systems’ safety, vulnerabilities of your clients, employees, or partners may become your problem – this potential threat has become a reality for financial institutions, payment systems and telecommunications operators. A security breach at a company in your industry may be a warning sign of future attacks on your business, while insiders will help criminals bypass your defensive barriers.

Be prepared for any attack scenario with Intelligence cyber analytics: receive the most specific and detailed information for prompt response and the most recent data for threat prevention.

Strategic planning with cyber intelligence

Keep up with the constantly changing threat landscape, learn about threats targeting your business area, evaluate and improve your IT security investment strategy

  • Evaluate risks, analyze statistics and assess potential damages
  • Prioritize threats based on expert forecasts

  • Learn attack tactics and cybercrime strategy
  • Know your enemy

  • Analytics by country or economy sector
  • Quarterly digests
  • Profiles of criminal groups, hacktivists and cyberterrorists

  • Updated statistics and forecasts of hacking activity
  • Analysis of hacker campaigns and assessment of damages
  • Key news of the cybercrime underworld

During 2016 Threat Intelligence detected and informed on

new threats and hacker groups

15 incidents of sales of confidential information

990 000+ phishing websites

23 000+ websites attacked by hacktivists

Taking control of upcoming cyber threats

Prepare for cyber attacks with comprehensive information on malware threatening your company and clients, attack targets and methods, cyber espionage tools, news and notifications on potential threats from private hacker resources.

  • Adapt your security tools and response plans
  • Learn about data leaks and identify insiders
  • Prevent confidential data from being sold to third parties
  • Monitor hacking attacks and activity peaks correlating with your incidents
  • Tactics, tools and indicators of targeted attacks, including email subjects and malicious application names
  • Full description, C&C server addresses, copies of setting files and other information on malware targeting your company and clients
  • Notifications on data leaks and corporate and personal data sales
  • Messages on searching insiders in companies and signs of suspicious hacker activity related to your company (such as detected specific malware targeting your business)

  • Lists of hacked and attacked websites, phishing or hacked legitimate resources spreading malware
  • DDoS attack target lists
  • Modifications in operating systems and system-wide abnormal behaviors
  • Suspicious IP addresses, including lists of non-public socks proxy servers, public proxy servers, Tor exit nodes, etc.

Apply IoCs to your layered cyber security infrastructure

Minimize the time you spend on incident response with instant notifications of critical threats, direct access to compromised data and a variety of technical indicators used to bolster your security.

  • Protect your clients, employees, and partners against fraud and personal data theft
  • Receive attack confirmation, learn about the attack source and mechanisms used

  • Prevent leakage and industrial espionage
  • Effectively stop targeted attacks
  • Prevent illegal use of your brand

  • Compromised corporate identifiers: corporate email accounts, intranet resources login credentials, etc.
  • Compromised logins, passwords, online banking keys, bank card numbers
  • IMEI/IMSI of infected mobile devices and ICCID of compromised SIM cards

  • Domains, web services and digital certificates misusing your brand name
  • IP addresses of infected customers, contractors, or partners
  • Information on “money mules” – accounts to which stolen money is initially transferred

During 2016 Threat Intelligence detected and identified

745 000+ user and corporate accounts

509 000+ bank cards

210 000+ infected mobile devices

active APT cyber gangs

Intelligence and data collection

Group-IB specialists daily analyze thousands of compromised credentials, bank card numbers, messages and postings of “black hats” on deep web hacking forums, information on hundreds of attacks. We analyze the most recent malware, attack mechanisms and participate in incident investigations collecting the most recent and detailed information about cybercriminals, their strategies and tools.

More than 10 patented technologies, automation and special tactics, algorithms and machine learning are helping us to collect raw data on cyber threats.

The best analysts turn threat data into intelligence, enriching it with context and revealing the kill chains and TTPs (tactics, techniques and procedures) of cyber criminals.

Building links between incidents, IoCs and cybercriminals’ activities all over the world with the help of CERTs, Europol, Interpol and other international cyber crime fighters.
  • Collecting and analyzing information in 11 languages, the largest monitoring capabilities in Emerging Markets
  • Data processing and storage on secure servers in the US, Germany and Russia
  • High confidentiality of all the stored data, regularly tested and assessed security


Group-IB leverages its 14 years of unique expertise in cybercrime investigations to discover hidden connections buried within disparate data. We cooperate closely with the best cyber security experts around the world, which helps us solve the most complicated global cases. Information analysis enables us to understand the motives of criminals and create hacker profiles to forecast their future activity.

  • Deep knowledge of Russian-speaking and international cybercriminal markets
  • Adjustable number of remote analyst hours
  • Ability to request assistance from a special team of Group-IB security experts responsible for handling high-profile investigations
  • Classification by regions and business areas
  • Establishing correlations and interconnections
  • Data validation
  • Additional data and context collection
  • Intelligence data exchange


Threat Intelligence delivers the cyber threat information you really need, based on subscription type.
Also available through your threat intelligence platform:


24×7 access to real-time threat intelligence. Fight cyber criminals proactively with regular and urgent threat reports, information on compromised accounts and mobile devices, suspicious IP address data feeds and the ability to block phishing resources. 40 hours of analyst support per quarter included.


Use the full capabilities of the Enterprise pack enriched with financial-specific threat data. Gain additional benefits from comprehensive intelligence in the compromised banking cards, targeted malware and money mules sections. 40 hours of analyst support per quarter are also included.


Leave cyber criminals no chance with hacktivism analysis and profiling and the power of the Group-IB Brand Protection service. Discover phishing sites, fraudulent SSL certificates, abusive mobile applications and online advertising in automatic mode. Let Group-IB take down phishing sites and stop entire phishing operations to keep your business and customers away from the cyber threats of the future. 80 hours of analyst support per quarter are included in the subscription.

  • Convenient WEB interface and highly detailed reports on detected threats
  • STIX/TAXII ready, API for enterprise security solutions
  • 24/7 analyst support to help you solve the most urgent and challenging incidents

Our clients

Sberbank, British American Tobacco, Microsoft, Colgate-Palmolive, Raiffeisen Bank