Sekoia.io Blog - News and analyses about threat intelligence

Read it later Remove

December 6 2023

Blogpost Research & Threat Intelligence

When a Botnet Cries: Detecting Botnet Infection Chains

Infection chains used by commodity malware are constantly evolving and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID and Qakbot are all often used...Read More

Guillaume C., Erwan Chevalier and Threat & Detection Research Team - TDR Author

24 0

Read it later Remove

December 4 2023

Blogpost Product News & Tutorials

Sekoia.io achieves PCI-DSS compliance

Sekoia.io is proud to announce that it has achieved the Payment Card Industry Data Security Standard (PCI-DSS) compliance at Level 1. PCI-DSS compliance is a rigorous set of security...Read More

SEKOIA.IO Author

110 0

Read it later Remove

November 23 2023

Blogpost Product News & Tutorials

Revolutionize your security strategy: Introducing automatic asset discovery

Introduction In the rapidly evolving cybersecurity landscape, staying ahead of potential threats requires a robust and comprehensive approach to managing IT assets. We are pleased to announce the beta...Read More

SEKOIA.IO Author

145 0

Read it later Remove

November 22 2023

Blogpost Research & Threat Intelligence

Unmasking the latest trends of the Financial Cyber Threat Landscape

This report aims at depicting recent trends in cyber threats impacting the financial sector worldwide. It focuses on principal tactics, techniques and procedures used by lucrative and state-sponsored intrusion...Read More

Livia Tibirna, Coline Chavane and Threat & Detection Research Team - TDR Author

278 0

Read it later Remove

November 20 2023

Blogpost Research & Threat Intelligence

DarkGate Internals

Introduction & Objectives DarkGate is sold as Malware-as-a-Service (MaaS) on various cybercrime forums by RastaFarEye persona, in the past months it has been used by multiple threat actors such...Read More

Pierre Le Bourhis and Threat & Detection Research Team - TDR Author

414 0

Read it later Remove

November 17 2023

Blogpost Product News & Tutorials

Unveiling the power of the new Query Builder in Sekoia SOC Platform

Introduction The Query Builder is designed to simplify data exploration and enhance threat detection capabilities. This feature empowers Security Operations Center (SOC) teams to explore their data through an...Read More

SEKOIA.IO Author

261 0

Read it later Remove

November 13 2023

Blogpost Research & Threat Intelligence

Game Over: gaming community at risk with information stealers

This report was originally published for our customers on 26 October 2023. The world of online gaming, a thriving global community of millions, has become an enticing target for...Read More

Marc N and Threat & Detection Research Team - TDR Author

321 0

Read it later Remove

October 26 2023

Blogpost Research & Threat Intelligence

AridViper, an intrusion set allegedly associated with Hamas

Given the recent events involving the Palestinian politico-military organisation Hamas which conducted on 7 October 2023 a military and terrorist operation in Israel, Sekoia.io took a deeper look into...Read More

Threat & Detection Research Team - TDR Author

352 0

Read it later Remove

October 16 2023

Blogpost Research & Threat Intelligence

ClearFake: a newcomer to the “fake updates” threats landscape

ClearFake is a new malicious JavaScript framework deployed on compromised websites to deliver further malware using the drive-by download technique. This blogpost aims at presenting a technical analysis of...Read More

Quentin Bourgue and Threat & Detection Research Team - TDR Author

536 0

Read it later Remove

October 2 2023

Blogpost Research & Threat Intelligence

Active Lycantrox infrastructure illumination

Sekoia.io is actively monitoring hundreds of malicious infrastructure clusters to protect its customers. In light of the recent Citizenlab blogspot and in solidarity with the efforts against cyber mercenaries,...Read More

Felix Aimé, Maxime A. and Threat & Detection Research Team - TDR Author

808 0

Read it later Remove

September 14 2023

Blogpost Research & Threat Intelligence

Sekoia.io mid-2023 Ransomware Threat Landscape

This blog post aims at presenting an overview of the ransomware-related threat evolution in the first half of 2023. The observations and the analysis shared in this blog post...Read More

Livia Tibirna and Threat & Detection Research Team - TDR Author

524 0

Read it later Remove

September 12 2023

Blogpost Research & Threat Intelligence

The Transportation sector cyber threat overview

This report aims at contextualising cyber activities targeting the transportation sector worldwide over the 2022 - 2023 period. This report is based on open source reporting and Sekoia.io observations...Read More

Maxime A., Livia Tibirna and Threat & Detection Research Team - TDR Author

415 0

Read it later Remove

September 7 2023

Blogpost Research & Threat Intelligence

My Tea’s not cold. An overview of China’s cyber threat

This report is an overview of recent malicious cyber activities associated to China-nexus Intrusion Sets. It is based on open-source documents and Sekoia.io TDR analysts research and does not...Read More

Jamila B. and Threat & Detection Research Team - TDR Author

830 0

Read it later Remove

August 31 2023

Blogpost Research & Threat Intelligence

Engineering detection around Microsoft Defender

This blogpost slightly introduces Microsoft Defender different products and the confusion that can be made between them mainly because they were renamed over the years. Then it focuses on...Read More

Threat & Detection Research Team - TDR Author

545 0

Read it later Remove

July 12 2023

Research & Threat Intelligence

CustomerLoader: a new malware distributing a wide variety of payloads

This blog post aims at presenting a technical analysis of CustomerLoader focusing on the decryption of the next-stage payloads, an overview of more than 30 known and distributed malware...Read More

Quentin Bourgue, Pierre Le Bourhis and Threat & Detection Research Team - TDR Author

748 0

Read it later Remove

June 29 2023

Research & Threat Intelligence

Following NoName057(16) DDoSia Project’s Targets

DDoSia is a Distributed Denial of Service (DDoS) attack toolkit, developed and used by the pro Russia hacktivist nationalist group NoName057(16) against countries critical of the Russian invasion of...Read More

Amaury G., Charles M. and Threat & Detection Research Team - TDR Author

1591 0

Read it later Remove

June 5 2023

Research & Threat Intelligence

Iran Cyber Threat Overview

This blogpost aims at understanding and contextualising cyber malicious activities associated with Iran-nexus intrusions sets over the 2022-2023 period.Read More

Maxime A. and Threat & Detection Research Team - TDR Author

1060 0

Read it later Remove

May 22 2023

Research & Threat Intelligence

Bluenoroff’s RustBucket campaign

In April 2023, fellow security researchers at Jamf published a report on Bluenoroff’s RustBucket, a newly observed malware targeting macOS platform. Sekoia.io analysts further investigated Bluenoroff’s infrastructure and share...Read More

Jamila B., Kilian Seznec, Charles M. and Threat & Detection Research Team - TDR Author

882 0

Read it later Remove

May 17 2023

Research & Threat Intelligence

APT28 leverages multiple phishing techniques to target Ukrainian civil society

The APT28 intrusion set (aka. Sofacy, PawnStorm, Fancy Bear), associated to the Russian GRU was observed using multiple phishing techniques to target the Ukrainian civil society.Read More

Felix Aimé and Threat & Detection Research Team - TDR Author

960 0

Read it later Remove

May 11 2023

Research & Threat Intelligence

Overview of the Russian-speaking infostealer ecosystem: the logs

This blog post aims at presenting the life cycle of logs, the cybercrime marketplaces dedicated to logs and the noticeable schemes recently used by threat actors to exploit the...Read More

Quentin Bourgue and Threat & Detection Research Team - TDR Author

1302 0

Read it later Remove

April 11 2023

Research & Threat Intelligence

Overview of the Russian-speaking infostealer ecosystem: the distribution

This blog post aims at presenting the main techniques, tools and social engineering schemes used by the cybercriminals from the Russian-speaking infostealer ecosystem and observed by Sekoia.io analysts in...Read More

Quentin Bourgue and Threat & Detection Research Team - TDR Author

1313 0

Read it later Remove

April 5 2023

Research & Threat Intelligence

The Energy sector 2022 cyber threat landscape

This report is a joint CITALID and SEKOIA.IO analysis pertaining to cyber activities targeting the energy sector in 2022 in Europe. It is based on open sources reports and...Read More

Jamila B., Livia Tibirna and Threat & Detection Research Team - TDR Author

1029 0

Read it later Remove

March 30 2023

Research & Threat Intelligence

SEKOIA.IO analysis of the #VulkanFiles leak

In January 2023, French newspaper Le Monde offered SEKOIA.IO to cooperate on investigating exfiltrated Russian-written documents related to the Moscow-based private company Vulkan.Read More

Felix Aimé, Maxime A. and Threat & Detection Research Team - TDR Author

1270 0

Read it later Remove

March 16 2023

Research & Threat Intelligence

Peeking at Reaper’s surveillance operations

In this blogpost you will find the results of a survey conducted by our analysts on two Command and Control servers (C2s) of the North Korea-nexus intrusion set Reaper...Read More

Charles M. and Felix Aimé Author

1292 0

Read it later Remove

February 27 2023

Research & Threat Intelligence

Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part...

This blogpost is a technical analysis of Stealc infostealer, detailing different characteristics of the malware, including anti analysis, strings de-obfuscation and C2 communication techniques.Read More

Pierre Le Bourhis, Quentin Bourgue and Threat & Detection Research Team - TDR Author

1408 0

Read it later Remove

February 21 2023

Research & Threat Intelligence

One Year After: The Cyber Implications of the Russo-Ukrainian War

As the ongoing Russo-Ukrainian conflict started on 24 February 2022 is about to mark its first year anniversary, Sekoia.io analysts share their analysis pertaining to the cyber picture. This...Read More

Livia Tibirna, Maxime A. and Threat & Detection Research Team - TDR Author

2173 0

Read it later Remove

February 20 2023

Research & Threat Intelligence

Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part...

This blogpost aims at presenting the activities of the Stealc’s alleged developer, a technical analysis of the malware and its C2 communications, and how to track it.Read More

Quentin Bourgue, Pierre Le Bourhis and Threat & Detection Research Team - TDR Author

3164 0

Read it later Remove

December 16 2022

Research & Threat Intelligence

The DPRK delicate sound of cyber

This blogpost aims at contextualising and analysing trends pertaining to cyber malicious activities associated to the Democratic People’s Republic of Korea-nexus Intrusion Sets reported in open sources in 2022.Read More

Jamila B. and Threat & Detection Research Team - TDR Author

2204 0

Log in

Search the site...