Raccoon Stealer v2 – Part 1: The return of the dead
Raccoon Stealer was one of the most prolific information stealers in 2021, being used by multiple cybercriminal actors. Due to its wide stealing capabilities, the customizability of the malware...Read More
CALISTO continues its credential harvesting campaign
This blog post on CALISTO threat actor is an extract of a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on June 16, 2022. March 30, 2022, Google TAG...Read More
BumbleBee: a new trendy loader for Initial Access Brokers
This blog post on BumbleBee malware was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on June 02, 2022. BumbleBee is a new malicious loader, first...Read More
MSDT abused to achieve RCE on Microsoft Office
This blog post on this Microsoft zero-day vulnerability was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on May 31, 2022. On May 27th a...Read More
TURLA’s new phishing-based reconnaissance campaign in Eastern Europe
This blog post on TURLA was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on May 11, 2022. Executive Summary SEKOIA.IO Threat & Detection Research...Read More
EternityTeam: a new prominent threat group on underground forums
This blog post on EternityTeam originally came from a FLINT (SEKOIA.IO Flash Intelligence) report sent to our clients on April 12, 2022. During our monitoring of Dark Web cybercrime...Read More
Mars, a red-hot information stealer
Mars Stealer is an information stealer sold on underground forums by MarsTeam since June 22, 2021, with the malware-as-a-service model. The malware capabilities are those of a classic stealer...Read More
Lapsus$: when kiddies play in the big league
You may not have missed all the noises recently caused by Lapsus$, a group that seems to specialize in extortion without necessarily leveraging ransomware. At first glance, Lapsus$ check...Read More
A war on multiple fronts – the turbulent cybercrime landscape
Russia’s war in Ukraine is currently widely mirrored in cyberspace, engaging many different parties in an ever-increasing dispute. In this blog post, we will focus on developments in the...Read More
The story of a ransomware builder: from Thanos to Spook and beyond (Part...
In a blog post entitled “The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)”, our colleagues from CERT-SEKOIA described the results of incident response on...Read More