| |
Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, assisted INTERPOL (interpol.int) and Brazilian authorities with threat intelligence and investigation expertise in disrupting the Grandoreiro banking trojan operation.
In January this year, Brazilian authorities announced the arrest of five administrators behind the Grandoreiro banking trojan operation in Sao Paulo, Santa Catarina, Para, Goias, and Mato Grosso.
Grandoreiro malware, which has been considered a major cybersecurity threat across Spanish-speaking countries since 2017, is introduced through phishing emails impersonating recognized organizations such as courts, telecom, and energy companies.
Once in, the malware tracks keyboard inputs, simulates mouse activity, shares screens, and displays deceptive pop-ups, collecting data such as usernames, operating system information, device runtime, and, most importantly, bank identifiers. With complete control over victims’ bank accounts, criminals empty them, sending funds through a money mule network to launder the illicit proceeds before transferring them to Brazil.
The organization responsible for the malware is suspected of defrauding victims of more than EUR 3.5 million. However, according to CaixaBank, several failed attempts could have yielded more than EUR 110 million for the criminal organization.
Between 2020 and 2022, as part of independent national cybercrime investigations, Brazil and Spain collected Grandoreiro malware samples and turned to INTERPOL for support in analyzing the material. Group-IB, along with other private sector partners, contributed to the operation launched by INTERPOL’s Cybercrime unit against the criminal group.
The operation was a collective effort involving Group-IB to initiate further investigative action against the threat actors responsible for cybercrimes in Brazil and Spain. Group-IB’s Threat Intelligence and Cyber Investigation specialists helped analyze a series of Grandoreiro malware samples used in attacks on Spanish banks.
Group-IB successfully assisted in the malware investigation, enabling tracking of the threat actor’s continuously changing network infrastructure and retrieving the IP address of the active command and control (C2) server.
The findings were provided to INTERPOL to support the ongoing operation. By August 2023, analytical reports had identified correlations between samples, leading investigators to narrow down the suspects to the organized crime group. INTERPOL streamlined cooperation among national agencies, leading Brazilian agencies to conduct house searches across five states. This operation resulted in the arrest of five programmers and operators responsible for the banking malware.
To bring the operation to its successful culmination, the court issued further orders to seize and block assets and valuables, decapitalizing their criminal structure and reclaiming losses.
“This operational success vividly underscores the importance of sharing intelligence through INTERPOL, and why we are committed to acting as a bridge between public and private sectors. It also sets the stage for further cooperation in the region.”
Craig Jones - Director of INTERPOL’s Cybercrime
“Disrupting the Grandoreiro malware operation reaffirms the ever-strong public-private dynamic in investigating and fighting cybercrime to protect local businesses and citizens. The constantly evolving technology and investigation capabilities of private cybersecurity providers greatly assist national and international law enforcement agencies in ensuring the success of time-bound investigations that demand immediate retaliation against adversaries. Group-IB has always maintained an active stance in supporting INTERPOL with intelligence-sharing and investigative expertise to facilitate cybercrime operations. Our localized and shared threat research effectively helps us reinforce cybersecurity across regions and globally.”
Dmitry Volkov - CEO of Group-IB
About Group-IB
Founded in 2003 and headquartered in Singapore, Group-IB (group-ib.com) is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.
Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.
Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gaming, financial services, manufacturing, critical services, and more.
The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.
Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.
The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.
Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 70,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.
Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.
Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.
|
pr[.]group-ib.com 
