EternityTeam: a new prominent threat group on underground forums
This blog post on EternityTeam originally came from a FLINT (SEKOIA.IO Flash Intelligence) report sent to our clients on April 12, 2022. During our monitoring of Dark Web cybercrime...
Mars, a red-hot information stealer
Mars Stealer is an information stealer sold on underground forums by MarsTeam since June 22, 2021, with the malware-as-a-service model. The malware capabilities are those of a classic stealer...
Lapsus$: when kiddies play in the big league
You may not have missed all the noise recently caused by Lapsus$, a group that seems to specialize in extortion without necessarily leveraging ransomware. At first glance, Lapsus$ check...
A war on multiple fronts – the turbulent cybercrime landscape
Russia’s war in Ukraine is currently widely mirrored in cyberspace, engaging many different parties in an ever-increasing dispute. In this blog post, we will focus on developments in the...
The story of a ransomware builder: from Thanos to Spook and beyond (Part...
In a blog post entitled “The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)”, our colleagues from CERT-SEKOIA described the results of incident response on...
Invasion of Ukraine – what implications in cyberspace?
A first version of this blog post was released as a FLINT (Flash Intelligence Report) by the SEKOIA.IO Threat & Detection Research Team on February 16, 2022. This is an updated...
NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
NOBELIUM is another name for the APT29 intrusion set¹, operated by a threat actor allegedly linked to the SVR (the Foreign Intelligence Service of the Russian Federation)². NOBELIUM has...
Log4Shell: the defender’s worst nightmare?
[Since this post concerns a recently-published vulnerability, intelligence regarding the latest research will be updated periodically] On Thursday, December 9, 2021, a code execution vulnerability (dubbed Log4Shell and referenced as...
Walking on APT31 infrastructure footprints
SEKOIA.IO’s Cyber Threat Intelligence team had an in-depth look at the APT31 intrusion set at the beginning of 2021 when the BfV (Bundesamt für Verfassungsschutz)¹ and McAfee² released some new information...
An insider’s insights into Conti operations – Part Two
The first blog post focused on Conti’s evolution and the leak’s context and analysis. In this second blog post, we will look into how to make simple detection rules to...