SEKOIA.IO BLOG - News and analyses about cybersecurity operations and threat intelligence

Read it later Remove

April 29 2022

Blogpost

SEKOIA proudly flies the flag of “Cybersecurity Made In Europe”

The European cybersecurity market is huge, diverse and complex. Browsing popular listings, one can spot several hundreds different products on the European market alone. This can make it difficult...Read More

SEKOIA.IO Author

69 0

Read it later Remove

April 22 2022

Blogpost

XDR vs Ransomware

Ransomware are still boasting a first rank among cyber threats in 2022 for all companies from SMEs to large groups, and even in the public sector. Yet this threat,...Read More

SEKOIA.IO Author

173 0

Read it later Remove

April 7 2022

Blogpost

Mars, a red-hot information stealer

Mars Stealer is an information stealer sold on underground forums by MarsTeam since June 22, 2021, with the malware-as-a-service model. The malware capabilities are those of a classic stealer...Read More

Threat & Detection Research Team Author

1239 0

Read it later Remove

March 29 2022

Blogpost

Improving Threat Detection with Sigma Correlations

Today, we are adding Sigma Correlations support to the SEKOIA.IO threat detection capabilities! In this post, we discuss what can be done with it, and why it was needed....Read More

Upscaling Team Author

832 0

Read it later Remove

March 23 2022

Blogpost

Lapsus$: when kiddies play in the big league

You may not have missed all the noises recently caused by Lapsus$, a group that seems to specialize in extortion without necessarily leveraging ransomware. At first glance, Lapsus$ check...Read More

Threat & Detection Research Team Author

290 0

Read it later Remove

March 7 2022

Blogpost

A war on multiple fronts – the turbulent cybercrime landscape

Russia’s war in Ukraine is currently widely mirrored in cyberspace, engaging many different parties in an ever-increasing dispute. In this blog post, we will focus on developments in the...Read More

Threat & Detection Research Team Author

263 0

Read it later Remove

February 25 2022

Blogpost

The story of a ransomware builder: from Thanos to Spook and beyond (Part...

In a blog post entitled “The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)”, our colleagues from CERT-SEKOIA described the results of incident response on...Read More

Threat & Detection Research Team Author

153 0

Read it later Remove

February 24 2022

Blogpost

Invasion of Ukraine – what implications in cyberspace?

A first version of this blogpost was released as a FLINT (Flash Intelligence Report) by SEKOIA.IO Threat & Detection Research Team on February 16, 2022. This is an updated...Read More

Threat & Detection Research Team Author

165 0

Read it later Remove

February 17 2022

Blogpost

The story of a ransomware builder: from Thanos to Spook and beyond (Part...

Introduction During an onsite incident response analysis, CERT-Sekoia was contacted in order to respond to a Spook ransomware attack. After gathering the evidence, we identified that malicious actors used...Read More

CERT-SEKOIA Author

279 0

Read it later Remove

January 6 2022

Blogpost

NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies

NOBELIUM is another name for the APT29 intrusion set¹, operated by a threat actor allegedly linked to the SVR (the Foreign Intelligence Service of the Russian Federation)². NOBELIUM has...Read More

Threat & Detection Research Team Author

670 0

Log in

Search the site...