This blog post aims at presenting an overview of the ransomware-related threat evolution in the first half of 2023. The observations and the analysis shared in this blog post focus on ransomware operations mostly...
This report aims at contextualising cyber activities targeting the transportation sector worldwide over the 2022 - 2023 period. This report is based on open source reporting and Sekoia.io observations of campaigns mostly impacting the...
This report is an overview of recent malicious cyber activities associated to China-nexus Intrusion Sets. It is based on open-source documents and Sekoia.io TDR analysts research and does not intend to present an exhaustive...
This blogpost slightly introduces Microsoft Defender different products and the confusion that can be made between them mainly because they were renamed over the years. Then it focuses on detection engineering around Microsoft Defender...
This blog post aims at presenting a technical analysis of CustomerLoader focusing on the decryption of the next-stage payloads, an overview of more than 30 known and distributed malware families, and details on three...
DDoSia is a Distributed Denial of Service (DDoS) attack toolkit, developed and used by the pro Russia hacktivist nationalist group NoName057(16) against countries critical of the Russian invasion of Ukraine.
This blogpost aims at understanding and contextualising cyber malicious activities associated with Iran-nexus intrusions sets over the 2022-2023 period.
In April 2023, fellow security researchers at Jamf published a report on Bluenoroff’s RustBucket, a newly observed malware targeting macOS platform. Sekoia.io analysts further investigated Bluenoroff’s infrastructure and share their findings in this report.
The APT28 intrusion set (aka. Sofacy, PawnStorm, Fancy Bear), associated to the Russian GRU was observed using multiple phishing techniques to target the Ukrainian civil society.
This blog post aims at presenting the life cycle of logs, the cybercrime marketplaces dedicated to logs and the noticeable schemes recently used by threat actors to exploit the stolen data.