CERT-LEXSI specializes in cybercrime gangs' tracking and financial underground markets' monitoring.

For the past five years, the CERT-LEXSI analysts have been closely following the activities of various cybercriminal groups and studying the tactical patterns of their fraudulent schemes (DNS, botnets, servers, attack strategies). We constantly keep track of numerous data flows (spams, botnets, phishing sites, domains, DNS, honeypots, malware activity) in order to duly identify new malicious activities ran by specific groups and individuals.

Cybercriminal tracking enables preventive attack detection (i.e. detection of fake banking or phishing websites prior to the launch of a corresponding spam campaign) and detection of attack techniques in preparation.

We also conduct active theft monitoring within underground communities (IRC chatrooms and web forums) where blackmarket transactons take place, illegal services are offered, potential targets are discussed, etc.. LEXSI brings to light undercovered operational information such as cybercriminals' aliases, geolocalization information and identity profiling for further investigation or forensic handling.

Our approach offers early detection and analysis of newly developed financial malware. Financial institutions can therefore test their authentication systems and anticipate new forms of attacks.