APT28 leverages multiple phishing techniques to target Ukrainian civil society
The APT28 intrusion set (aka Sofacy, PawnStorm, Fancy Bear), associated with the Russian GRU, was observed using multiple phishing techniques to target Ukrainian civil society.
SEKOIA.IO analysis of the #VulkanFiles leak
In January 2023, the French newspaper Le Monde invited SEKOIA.IO to cooperate on investigating exfiltrated Russian-language documents related to the Moscow-based private company Vulkan.
Peeking at Reaper’s surveillance operations
In this blog post you will find the results of a survey conducted by our analysts on two Command and Control servers (C2s) of the North Korea-nexus intrusion set Reaper...
Raspberry Robin’s botnet second life
As with many botnets and worms, SEKOIA.IO analysts demonstrate in this article that Raspberry Robin can be repurposed by other threat actors to deploy their own implants.
Calisto shows interest in entities involved in Ukraine war support
Calisto (aka Callisto, COLDRIVER) is suspected to be a Russia-nexus intrusion set active since at least April 2017. Although it has not been publicly attributed to any Russian intelligence service,...
LuckyMouse uses a backdoored Electron app to target MacOS
This blog post on LuckyMouse is an extract of the “FLINT 2022-045 – LuckyMouse uses a backdoored Electron app to target MacOS” report (SEKOIA.IO Flash Intelligence) sent to our clients...
CALISTO continues its credential harvesting campaign
This blog post on the CALISTO threat actor is an extract of a FLINT report (Sekoia.io Flash Intelligence) sent to our clients on June 16, 2022. On March 30, 2022, Google TAG...
MSDT abused to achieve RCE on Microsoft Office
This blog post on this Microsoft zero-day vulnerability was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on May 31, 2022. On May 27th a...
NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
NOBELIUM is another name for the APT29 intrusion set¹, operated by a threat actor allegedly linked to the SVR (the Foreign Intelligence Service of the Russian Federation)². NOBELIUM has...
Log4Shell: the defender’s worst nightmare?
[Since this post concerns a recently published vulnerability, intelligence regarding the latest research will be updated periodically] On Thursday, December 9, 2021, a code execution vulnerability (dubbed Log4Shell and referenced as...