Group-IB Bot-Trek

Early Threat Warning System is an ecosystem of cyber threat monitoring, detection and prevention solutions based on Group-IB experience . Group-IB provides large intellectual property owners, such as financial institutions and telecommunications companies, with direct access to compromised data and their customer identifiers, which were identified during the analysis of networks of infected computers and underground sites. The following data are of particular importance in terms of preventing fraud and money theft:

• Logins/passwords and keys of RBS systems.
• Compromised credit cards.
• Information about "drops" - primary recipients of stolen funds.
• IP addresses of infected malicious ON clients.
• IP addresses of socks, spam- and DDoS bots.
• Data associated with corporate domains and IP ranges: corporate e-mail accounts, access to intranet resources, etc.

The effectiveness of the threat early warning system is due to Group-IB technologies and access to a large number of data sources, such as:

• HoneyNet distributed trap network.
• Advanced Botnet Sinkholing technology.
• Data collection at underground sites.
• Malware research and sample own database.
• Data Base of phishing sites.
• Results of previous investigations into embezzlement and fraud.

threat early warning system not only sees banking Trojans, spyware, illegal remote administration tools, exploits for employee workstations, mobile botnets, corporate information leaks - it can quickly identify infected nodes in the enterprise's network and quickly prevent a targeted attack on business," said Group-IB CEO [[Sachkov Ilya Konstantinovich 'Sachkov Ilya].

Bot-Trek solutions are used by,,,, the Sberbank Alfa-Bank Megaphone Rostec largest, and banks USA Great Britain Australia, Fortune 500 companies and production giants from. The share China of Group-IB foreign exchange earnings in 2016 should reach 30%.

Group-IB Threat Intelligence provides personalized information for threat prediction, decision making, and security configuration. Combining the technical infrastructure for data collection with the expertise of experienced analysts, the service allows you to quickly learn about the compromise of customer and employee data, track changes in the tactics and tools of criminal groups that are potentially interested in the company, and prioritize threats based on expert forecasts. Group-IB Threat Intelligence entered Gartner's threat intelligence market reports alongside global leaders in the segment, and its subscriber geography spans four continents.

The Bot-Trek TDS target attack detection system detects threats on the corporate network. Self-learning sensors that receive data from the cyber intelligence service, Computer Forensics Laboratories and behavioral analysis systems detect suspicious activity in the enterprise network, and experienced experts identify critical threats, promptly informing the information security service and helping to prevent the development of the incident.

Bot-Trek Secure Bank eliminates blind spots in online payment security by identifying signs of infection and compromise of client devices when a user is authorized. Easily embedded in the code of a web application, Secure Bank controls the absence of injections on the pages of an Internet bank, signs of remote management and the operation of banking Trojans, allowing you to block access to accounts at the stage of preparing theft.

Bot-Trek Secure Portal prevents unauthorized access to personal accounts, personal data, bonus accounts of users of web resources and various scenarios of fraud - from using bots to showing competitors' offers on portal pages.

2023: FSTEC halts F.A.C.C.T. software certificates for CII

On December 18, 2023, it became known that software systems for ensuring the security of the Russian company F.A.C.C.T. (a former division of Group-IB in the Russian Federation) may lose the certificate of the Federal Technical and Export Control Service (FSTEC). As a result, the use of products at critical information infrastructure (CII) facilities in Russia will become impossible.

It is reported that FSTEC sends requests to Russian enterprises and organizations for information on the use of Bot-Trek TDS products, Group-IB Threat Hunting Framework and other production solutions of iBi TDS Group LLC (it is a legal entity of F.A.C.C.T.). At the same time, the sent document does not inform about the purpose of the request.

software complexes for ensuring the security of the Russian company F.A.C.C.T. may lose the FSTEC certificate

FSTEC suspended certificates for Bot-Trek TDS and Group-IB Threat Hunting Framework products (used to identify botnets and respond to cyber incidents) at the end of May 2023. In August of this year, the certificates were renewed, but then suspended again due to laboratory tests. Market participants believe that the regulator is considering the possibility of a complete revocation of the license for these products, which will not allow them to be used in the field of CII.

In the period from December 4 to 8, 2023, the FSTEC testing laboratory transferred the results of the study of software systems to the regulator. We assume that the letter sent to Russian companies, including CII subjects, is intended to assess the scale of use of the Bot-Trek TDS or Group-IB Threat Hunting Framework. We expect that the verification will be completed in the near future and the validity of compliance certificates will be resumed, the F.A.C.C.T. said in an official statement.

The company emphasizes that it operates in strict accordance with Russian law, including the requirements of information security market regulators . All F.A.C.C.T products designed to identify and prevent cyber threats, cybercrime research, and data protection are included in the register of domestic software.^[1]

Notes