SEKOIA.IO Ransomware Threat Landscape – second-half 2022
This blogpost aims at analysing and highlighting trends within the ransomware ecosystem in the second half of 2022Read More
The DPRK delicate sound of cyber
This blogpost aims at contextualising and analysing trends pertaining to cyber malicious activities associated to the Democratic People’s Republic of Korea-nexus Intrusion Sets reported in open sources in 2022.Read More
SEKOIA.IO Mid-2022 Ransomware Threat Landscape
SEKOIA.IO presents its Ransomware threat landscape for the first semester of 2022, with the following key points:Read More
Vice Society: a discreet but steady double extortion ransomware group
This blog post on Vice Society ransomware group was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on June 29, 2022. What is Vice Society?...Read More
BumbleBee: a new trendy loader for Initial Access Brokers
This blog post on BumbleBee malware was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on June 02, 2022. BumbleBee is a new malicious loader, first...Read More
Lapsus$: when kiddies play in the big league
You may not have missed all the noises recently caused by Lapsus$, a group that seems to specialize in extortion without necessarily leveraging ransomware. At first glance, Lapsus$ check...Read More
The story of a ransomware builder: from Thanos to Spook and beyond (Part...
In a blog post entitled “The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)”, our colleagues from CERT-SEKOIA described the results of incident response on...Read More
The story of a ransomware builder: from Thanos to Spook and beyond (Part...
Introduction During an onsite incident response analysis, CERT-Sekoia was contacted in order to respond to a Spook ransomware attack. After gathering the evidence, we identified that malicious actors used...Read More
An insider insights into Conti operations – Part Two
The first blog post was focusing on Conti’s evolution and the leak’s context and analysis. In this second blog post, we will look into how to make simple detection rules to...Read More
An insider insights into Conti operations – Part One
This is the first of two blog posts, where we focus on the Conti ransomware group whose training material was recently leaked on a cybercrime forum. To provide some...Read More