When a Botnet Cries: Detecting Botnet Infection Chains
Infection chains used by commodity malware are constantly evolving and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID and Qakbot are all often used...
Unmasking the latest trends of the Financial Cyber Threat Landscape
This report aims at depicting recent trends in cyber threats impacting the financial sector worldwide. It focuses on principal tactics, techniques and procedures used by lucrative and state-sponsored intrusion...
DarkGate Internals
Introduction & Objectives DarkGate is sold as Malware-as-a-Service (MaaS) on various cybercrime forums by the RastaFarEye persona. In the past months it has been used by multiple threat actors such...
Game Over: gaming community at risk with information stealers
This report was originally published for our customers on 26 October 2023. The world of online gaming, a thriving global community of millions, has become an enticing target for...
AridViper, an intrusion set allegedly associated with Hamas
Given the recent events involving the Palestinian politico-military organisation Hamas, which conducted a military and terrorist operation in Israel on 7 October 2023, Sekoia.io took a deeper look into...
ClearFake: a newcomer to the “fake updates” threats landscape
ClearFake is a new malicious JavaScript framework deployed on compromised websites to deliver further malware using the drive-by download technique. This blogpost aims at presenting a technical analysis of...
Active Lycantrox infrastructure illumination
Sekoia.io is actively monitoring hundreds of malicious infrastructure clusters to protect its customers. In light of the recent Citizen Lab blog post and in solidarity with the efforts against cyber mercenaries,...
Sekoia.io mid-2023 Ransomware Threat Landscape
This blog post aims at presenting an overview of the ransomware-related threat evolution in the first half of 2023. The observations and the analysis shared in this blog post...
The Transportation sector cyber threat overview
This report aims at contextualising cyber activities targeting the transportation sector worldwide over the 2022 - 2023 period. This report is based on open source reporting and Sekoia.io observations...
My Tea’s not cold. An overview of China’s cyber threat
This report is an overview of recent malicious cyber activities associated with China-nexus Intrusion Sets. It is based on open-source documents and Sekoia.io TDR analysts' research and does not...