BumbleBee: a new trendy loader for Initial Access Brokers
This blog post on BumbleBee malware was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on June 02, 2022. BumbleBee is a new malicious loader, first...
Lapsus$: when kiddies play in the big league
You may not have missed all the noise recently caused by Lapsus$, a group that seems to specialize in extortion without necessarily leveraging ransomware. At first glance, Lapsus$ check...
The story of a ransomware builder: from Thanos to Spook and beyond (Part...
In a blog post entitled “The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)”, our colleagues from CERT-SEKOIA described the results of incident response on...
The story of a ransomware builder: from Thanos to Spook and beyond (Part...
Introduction: During an onsite incident response analysis, CERT-Sekoia was contacted in order to respond to a Spook ransomware attack. After gathering the evidence, we identified that malicious actors used...
An insider insights into Conti operations – Part Two
The first blog post focused on Conti’s evolution and the leak’s context and analysis. In this second blog post, we will look into how to make simple detection rules to...
An insider insights into Conti operations – Part One
This is the first of two blog posts, where we focus on the Conti ransomware group whose training material was recently leaked on a cybercrime forum. To provide some...