In April 2023, fellow security researchers at Jamf published a report on Bluenoroff's RustBucket, newly observed malware targeting the macOS platform. Sekoia.io analysts further investigated Bluenoroff's infrastructure and share their findings in this report.
The APT28 intrusion set (aka Sofacy, PawnStorm, Fancy Bear), associated with the Russian GRU, was observed using multiple phishing techniques to target Ukrainian civil society.
This blog post presents the life cycle of logs, the cybercrime marketplaces dedicated to logs, and the notable schemes recently used by threat actors to exploit the stolen data.
The CTI produced within Sekoia.io provides a comprehensive view of global cyber threats alongside technical indicators of compromise (IOCs) revealing the presence of attackers. We are in a "one-to-many" model where we are building...
This blog post presents the main techniques, tools and social engineering schemes used by cybercriminals from the Russian-speaking infostealer ecosystem, as observed by Sekoia.io analysts over the past year.
This report is a joint CITALID and SEKOIA.IO analysis of cyber activities targeting the energy sector in Europe in 2022. It is based on open-source reports and includes both our investigations and...
In January 2023, the French newspaper Le Monde invited SEKOIA.IO to cooperate on investigating exfiltrated Russian-language documents related to the Moscow-based private company Vulkan.
In this blog post you will find the results of an investigation conducted by our analysts into two command-and-control servers (C2s) of the North Korea-nexus intrusion set Reaper (aka APT37). This investigation led...
Because collecting data from endpoints can sometimes be a pain (to say the least), SEKOIA.IO provides its own agent that collects all relevant logs from your workstations and servers with minimal configuration overhead. It is currently...
This blog post is a technical analysis of the Stealc infostealer, detailing different characteristics of the malware, including its anti-analysis, string de-obfuscation and C2 communication techniques.