
Group-IB Group of information security AYBI TDS Group



Altera Capital - 10%
Run Capital - 10%


+ Romanenko Andrey

Group-IB (Group of Information Security) was founded in 2003 as a group investigating IT incidents. It works in the field of computer forensics, consulting and audits of information security systems. Group-IB's experience is embodied in its system for early detection of cyberthreats, a product line for monitoring, identifying and warning of cyberthreats based on threat intelligence data and the analysis of real hacker attacks.

"The group of information security" is the first Russian non-state company[1] providing services in the investigation of incidents in the field of information technologies and also a full range of information security services on a commercial basis.

The brand promoted in foreign markets is Group-IB.


The company's core activities are:

  • Monitoring and prevention of cyberthreats
  • Protecting clients against targeted attacks, including those using previously unknown malicious code
  • Response to information security incidents by specialists of the round-the-clock CERT-GIB center
  • Audit and consulting in the field of cybersecurity
  • Fight against piracy
  • Brand protection on the Internet
  • Investigation of computer crimes
    • conducting computer forensic examinations
    • information search and data analysis for investigations
    • legal support on legal issues

Cyberinvestigation by subscription: monitoring, analysis and forecasting of threats to the company, its clients and partners

  • Strategic information for balanced risk assessment and threat prioritization
  • Operational data for preparing for attacks and configuring protection systems
  • Tactical indicators that minimize incident response time



Group-IB participates in the TAdviser IT Security Day conference

On June 30, Anton Fishman, Head of the System Solutions Department at Group-IB, will speak at the TAdviser IT SECURITY DAY 2020 conference about the relevant cyberthreats of 2020 and about new technology trends in preventing cyber attacks. This year's challenges, connected with the pandemic, the transition to remote work and the growing number of cyber attacks and financial fraud, have set non-standard tasks for business. How to protect infrastructure, employees and assets?

Anton Fishman will discuss:

  • What cyberthreats have recently appeared for small and medium business and for bank clients
  • How to ensure the fully safe return of employees to offices from remote work and #StayCyberSafe
  • Cases and possibilities for applying the Group-IB Threat Detection System as a means of protection against changing modern threats

Group-IB is an official partner of the IT SECURITY DAY 2020 conference.

U.S. authorities accused a Group-IB top manager of selling social network data

At the beginning of March 2020, it became known that U.S. authorities had brought charges against Nikita Kislitsin, Head of the Network Security Department at the Russian company Group-IB. He is suspected of attempting to sell the data of users of the social network Formspring in 2012.

2018: Opening of the global headquarters in Singapore

In November 2018, it became known that Group-IB plans to open a global headquarters in Singapore as part of its international expansion. The Reuters news agency reported this, citing the company's co-founder and CEO Ilya Sachkov.

According to him, Group-IB chose the right time to open the Singapore office, which is planned for the end of 2018 or the beginning of 2019.

Ilya Sachkov
"It is the financial center of Asia, and our business prospers in Asia. Singapore became the first country to purchase our products. Besides, the headquarters of the Interpol division dealing with cybercrime, with which we cooperate, is located in Singapore," Sachkov noted, adding that for a business to grow it should be global.

The new Group-IB headquarters in Singapore will house divisions that already exist at the Moscow office: the laboratory of computer forensics and malicious code research, the information security incident investigation department, the round-the-clock incident monitoring and response department, and other departments.

Group-IB intends to keep its main technology development at the Moscow office. Only 15 of Group-IB's more than 300 employees will move to Singapore. The other 75 people for the new office must, under the country's legislation, be hired in the local market.

Over several years, Group-IB is going to invest about $30 million in developing infrastructure to counter cybercrime in Southeast Asia. According to the company's own data, this region generates about 30% of its international revenue.

The company calls Southeast Asia the region most actively attacked by hackers. In just one year, the activity of 21 APT groups was recorded there, which is more than in the USA and Europe, Group-IB specified.[2]


Opening of the Brand Protection direction

On September 28, 2017, Group-IB announced the opening of its Brand Protection direction. Its specialists will be responsible for monitoring and preventing economic crimes and fraud involving brands. With the opening of a separate direction, the company is going to launch an online service where clients can monitor the process of eliminating violations, and to develop its own TEConts more actively, including for the foreign market.

Partnership with MTS

In September 2017, PJSC MTS, a telecommunications operator in Russia, and Group-IB signed an agreement on cooperation in preventing computer crimes and investigating incidents, and also in protecting MTS and its clients on the Internet. The ultimate goal of the companies' joint projects is to raise the overall level of information security in Russia.

Under the agreement, MTS and Group-IB will exchange data on cyberthreats, provide each other with organizational and methodological support, and assist each other with technical, financial and personnel resources. In particular, MTS will provide access to the knowledge base of its Information Security Center (Security Operations Center, SOC), created to provide services to third-party customers, and Group-IB will provide its expert support. In addition, Group-IB will provide MTS with incident prevention and investigation services using its hardware and software solutions and services.

Partnership with EclecticIQ

In July, Group-IB and EclecticIQ announced the conclusion of a partnership agreement and the integration of Threat Intelligence data from Group-IB into the EclecticIQ platform. Thanks to this cooperation, analysts, threat hunters, the staff of security operations centers and cybersecurity incident response specialists will get access to comprehensive information about relevant cyber attacks. As the partners envision, this will make it possible to detect threats originating from Russian-speaking cybercriminals.

Joint venture with NCI

Group-IB, a resident of the IT cluster of the Skolkovo Foundation that is engaged in preventing and investigating hi-tech crimes, and the National Center of Informatization (NCI), a subsidiary of Rostec Group engaged in the development and implementation of IT products, signed an agreement providing for the creation of a joint venture (JV). The document was signed on May 25 at the forum "Digital Industry of Industrial Russia" in Innopolis (Republic of Tatarstan).

Under the arrangements, Group-IB will provide its technologies to the joint venture. The NCI, in turn, will promote the products in the markets where Rostec Group is present and will take on operating activities, including government relations, product certification and other matters.

Creation of the joint venture will allow Group-IB to implement the following for the protection of critical information infrastructure facilities:

  • the threat intelligence system, which makes it possible to track in real time the trends in information security threats that originate from the cybercriminal underground and are relevant to a specific industry, so that investments in information security at the enterprise can be allocated competently;
  • the TDS and Polygon intrusion detection solutions, which provide protection against, among other things, previously unknown malicious code and detect targeted attacks on organizations' network infrastructures before attackers can cause actual damage;
  • the Secure Portal system for protecting state portals, developed with the support of Skolkovo, which counters unauthorized access to users' personal accounts, the use of bots (for password guessing and disrupting online votes), and the collection of payment card data and other personal data;
  • analytical security systems using Big Data.

The joint venture is the first of the technology consortia that Group-IB intends to create in the coming years. The company is negotiating with the largest international companies on opening several competence centers abroad. The plans call first for such centers in the Middle East, Latin America and East Asia, and also in the USA.

2016: Altera Capital and Run Capital became shareholders of Group-IB

In mid-August 2016, it became known that Kirill Androsov's Altera investment fund and the Run Capital fund, set up by the entrepreneur Andrey Romanenko, had become shareholders of Group-IB. Each party to the transaction acquired 10% of the shares of the Russian developer of information security solutions, Kommersant reported, citing representatives of Run Capital.

The investments will go toward developing analytical centers in the countries of the Middle East, Southeast Asia and Latin America, hiring local forensic specialists and expanding sales in the American, European and Asian markets. Earlier, Group-IB announced plans to open an analytical center in Thailand in 2017.

CEO of Group-IB Ilya Sachkov

Kirill Androsov, founder of Altera Investment Fund SICAV-SIF, is confident of the company's success in the new markets.

"We invest in companies that have global potential. The interest shown in Bot-Trek solutions by clients from Europe, the USA, Asia and the Middle East shows that Group-IB's offering is capable of competing with world market leaders."
Kirill Androsov

Group-IB CEO Ilya Sachkov said that through the investment transaction the company receives "smart money", since Altera Capital has expertise in the US information security market, and Run Capital "well understands how the financial industry works".

The amount invested by Altera Capital and Run Capital in Group-IB is not disclosed. A Kommersant source close to the transaction says that investors valued all of Group-IB at approximately $80-100 million, and that the cost of the funds' stake was about $16-20 million. For Group-IB's current level and pace of development these figures look overestimated, according to Alexey Solovyov, managing director of Prostor Capital.[3]


Group-IB is going to attract $20 million in investments

Group-IB, a company specializing in information security, is looking for an investor and is going to attract $20 million by increasing its authorized capital within a limit of up to 25%. Group-IB CEO Ilya Sachkov told CNews about this. According to him, the company is currently valued at $80-100 million. Otkrytiye bank[4] is acting as the broker for attracting the investment[5].

The raised funds will be used to accelerate the entry of Group-IB's product, Bot-Trek, into the international market. It is intended for botnet monitoring and cyberinvestigation. Bot-Trek gives large owners of intellectual property, such as financial institutions and telecommunications companies, direct access to the compromised data and identifiers of their clients that were discovered during the analysis of networks of infected computers and underground platforms.

The IIDF may invest 210 million rubles in Group-IB

The Internet Initiatives Development Fund (IIDF) has preliminarily approved a transaction with Group-IB, which is engaged in preventing and investigating cybercrimes, Kommersant reported in April 2015.

The amount of the possible transaction and other details are not officially disclosed, but a source familiar with the course of negotiations reported that the IIDF may invest 210 million rubles in Group-IB.

Group-IB CEO and founder Ilya Sachkov specified that the investments will come to the company as it achieves certain KPIs. A representative of the IIDF reported that the fund is going to use the Group-IB brand and its established sales channels with larger companies to accelerate the growth of young technology startups.

2014: The claim to Roskomnadzor and Rostelecom for blocking of the website

In April 2014, Group-IB filed a claim with the Moscow Arbitration Court against Roskomnadzor and Rostelecom for the wrongful blocking of its website, Vedomosti reported. Group-IB is demanding 150 million rubles. Group-IB notes that the company is engaged in information security, so the operability of its website is fundamentally important. According to the firm's corporate adviser Anatoly Zemtsov, the main problem is that after the blocking, a warning appeared on the website stating that it contained illegal information. Group-IB CEO Ilya Sachkov adds that although the website was blocked by mistake, this error caused serious reputational damage to the company.

The Group-IB website was temporarily blocked in November 2013, when Roskomnadzor directed operators to restrict access to a resource that shared a single IP address with a couple of hundred websites (including the Group-IB website). Rostelecom has no technical capability to block individual pages, only entire IP addresses, so all of these websites were blocked. According to statistics from the Roskomsvoboda project (which provides anonymous access to websites blocked by Roskomnadzor), in mid-April 2014, 137,320 websites were blocked in Russia, of which 1964 were blacklisted, i.e. blocked legally.

2013: LETA Group leaves the ranks of Group-IB's founders

In October 2013, LETA Group announced its exit from Group-IB as a result of an MBO. The funds obtained from the transaction will be allocated to its venture subsidiary, the LETA Capital fund. In 2010, LETA Group purchased 50% of Group-IB. Over three years, Group-IB's staff grew fivefold.

"During cooperation with LETA Capital, the Laboratory of Computer Criminalistics, the largest in Eastern Europe (whose capacity today allows it to carry out about 80% of the most complex and high-profile cases in the area of cybercrime and crimes committed in the field of high technologies), was created at Group-IB, the first private CERT in Eastern Europe was launched, and the direction for brand protection on the Internet and also, strenuously, the direction for prevention of computer crimes were opened. It is also worth noting that during this time, using the capacities of the company and the competences of its employees, it was possible to detect and put an end to the 5 largest criminal groups conducting fraudulent activity in RBS systems in the territory of the CIS. We will continue to strengthen our position as the market leader in investigation and prevention of cybercrime in Eastern Europe, and by 2017 we are going to get into the TOP10 of world leaders of this market," Group-IB CEO Ilya Sachkov commented on the event.


Obtaining an FSB license

In December 2012, Group-IB obtained a license from the FSB of the Russian Federation to work with data constituting a state secret. The company's license (GT No. 0064472, registration number 4490) was issued by the Department of the Federal Security Service of the Russian Federation for Moscow and Moscow Region for a period of three years. A condition for carrying out this type of activity is compliance with the requirements of the legal and other regulations of the Russian Federation on protecting such data.

Start of development of the Bot-Trek system

Since 2012, the company has been developing Bot-Trek, a system for early detection of cyberthreats, which includes a cyberinvestigation service, a detector of threats in the corporate network, and a SaaS solution for banks, state structures and e-commerce that reveals preparations for fraud and theft. Unlike antiviruses, Bot-Trek products make it possible to control the whole range of risks, from attacks using social engineering methods to illegal use of a brand.


Agreement with CC

In December 2011, the Coordination Center for the national Internet domain (CC), which is the regulator of the .RU and .РФ domain zones, signed agreements on countering cyberthreats with Group-IB. Under the new domain registration rules, which came into force in November 2011, registrars have the right to terminate the delegation of domains at the request of authorized organizations selected by the CC. Group-IB became an authorized organization for combating two categories of websites: phishing sites (used to obtain confidential information from third parties by misleading them about the site's ownership through the similarity of domain names, design or content); and botnet controllers (used for unauthorized access to third parties' information systems, for infecting those systems with malware, or for controlling such programs).

CERT-GIB launch: Russia's first private cybersecurity incident response team

In October 2011, Group-IB announced the launch of CERT-GIB, Russia's first private information security incident response team. CERT-GIB is a Computer Emergency Response Team formed on the basis of Group-IB. The mission of this structure is to provide prompt help to organizations and individuals in responding to incidents. CERT-GIB assists not only clients who receive ongoing service under agreements but also provides services to any other legal entities and individuals as part of collecting information about incidents and coordinating the response. CERT-GIB gives clients who contact it comprehensive support in minimizing information risks, consisting of technical, organizational and legal advice. Incident response services are countermeasures aimed at identifying the nature of a violation and neutralizing it, restoring the normal functioning of the information system, analyzing the causes of the incident, identifying the persons involved and holding them accountable. A correct and rapid response to an incident reduces the financial and reputational damage resulting from the violation. A continuous operational cycle of collecting information and responding to incidents is maintained around the clock thanks to the simultaneous presence of Group-IB experts in Moscow, New York and Singapore.

Opening of a representative office in the USA

In September 2011, Group-IB announced the opening of a representative office in the USA. The new division is responsible for strengthening the company's position and expanding its activity in the North American market. The creation of Group-IB's first foreign representative office was the next step in implementing the strategy of bringing the company's services to the international computer crime investigation market. The division will provide the full package of Group-IB services and solutions in the countries of North America, including the latest achievements in protecting brands against network threats and preventing fraud in Internet banking systems. Alexey Kuzmin, located in New York, has been appointed chief representative. Alexey stood at the origins of the first private computer incident response team (CERT) in France. Before moving to Group-IB, he had headed CERT in Canada since 2007.

2010: Entry into the structure of Leta Group

In September 2010, it became known that Group-IB would become part of Leta Group.

2008: Partnership with GuardianEdge Technologies and Sourcefire

In the spring of 2008, the company became the exclusive representative of GuardianEdge Technologies, Inc. in Russia[6],[7].

In the fall of 2008, the company became the representative of Sourcefire, Inc., the creators of Snort, and sells their products[8],[9].

2007: Separation from MSTU-test

By mid-2007, the company had separated from the MSTU-test laboratory and become an independent organization; it provides a full range of information security services and successfully pursues its main activity, the investigation of IT incidents.

2005: Entry into NILE MSTU-test

In 2005, the company integrated with NILE MSTU-test and worked as a special division of this laboratory, engaged in investigating computer crimes, IT incidents and other information security violations.

2003: Creation of the company

The company was organized in 2003, positioning itself as Russia's first company engaged in investigating computer crimes on a commercial basis.