Category: Sekoia.io Blog

This post was originally distributed as a private FLINT report to our customers on 15 July 2025. Introduction In early 2025, we published a blogpost reporting on a botnet we dubbed PolarEdge, first detected in January 2025, when our honeypots…

Read more →

This article on was originally distributed as a private report to our customers. Introduction The monitoring and analysis of vulnerability exploitations are among the primary responsibilities of Sekoia.io’s Threat Detection & Research (TDR) team. Using our honeypots, we monitor traffic…

Read more →

This post was originally distributed as a private FLINT report to our customers on 12 August 2025. Introduction Sekoia.io’s Threat Detection and Response (TDR) team closely monitors APT28 as one of its highest-priority threat actors. In early 2025 a trusted…

Read more →

This post was originally distributed as a private FLINT report to our customers on 12 August 2025. Introduction Sekoia.io’s Threat Detection and Response (TDR) team closely monitors APT28 as one of its highest-priority threat actors. In early 2025 a trusted…

Read more →

This report provides an overview of the commercial surveillance vendors ecosystem between 2010 and 2025, analysing their spyware offerings, business models, client base, target profiles, and infection chains. La publication suivante Predators for Hire: A Global Overview of Commercial Surveillance…

Read more →

This report explores current trends in the AitM phishing landscape and the prevalence of leading kits. La publication suivante Predators for Hire: A Global Overview of Commercial Surveillance Vendors est un article de Sekoia.io Blog. This article has been indexed…

Read more →

This report explores current trends in the AitM phishing landscape and the prevalence of leading kits. La publication suivante Global analysis of Adversary-in-the-Middle phishing threats est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io Blog Read…

Read more →

This report explores current trends in the AitM phishing landscape and the prevalence of leading kits. La publication suivante Global analysis of Adversary-in-the-Middle phishing threats est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io Blog Read…

Read more →

As the cyber threat landscape evolves and the digital landscape changes, regulatory frameworks continue to emerge, aiming to bolster the security posture of organisations, particularly in the financial sector. One such regulation is the Digital Operational Resilience Act (DORA), effective…

Read more →

As the cyber threat landscape evolves and the digital landscape changes, regulatory frameworks continue to emerge, aiming to bolster the security posture of organisations, particularly in the financial sector. One such regulation is the Digital Operational Resilience Act (DORA), effective…

Read more →

This article on was originally distributed as a private report to our customers. Introduction Once upon a time, in the land of the CMS honeypot, a curious threat named Mimo crept silently through the digital woods. Unlike your typical fairytale…

Read more →

This article on was originally distributed as a private report to our customers. Introduction Once upon a time, in the land of the CMS honeypot, a curious threat named Mimo crept silently through the digital woods. Unlike your typical fairytale…

Read more →

This blog post analyzes the Vicious Trap, a honeypot network deployed on compromised edge devices. La publication suivante ViciousTrap – Infiltrate, Control, Lure: Turning edge devices into honeypots en masse.  est un article de Sekoia.io Blog. This article has been…

Read more →

During our daily tracking and analysis routine at Sekoia TDR team (Threat Detection & Research), we have been monitoring an attacker infrastructure internally called “Cloudflare tunnel infrastructure to deliver multiple RATs”.  This infrastructure is used by several actors to host…

Read more →

During our daily tracking and analysis routine at Sekoia TDR team (Threat Detection & Research), we have been monitoring an attacker infrastructure internally called “Cloudflare tunnel infrastructure to deliver multiple RATs”.  This infrastructure is used by several actors to host…

Read more →

Introduction Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. Interlock cannot be classified as a “Ransomware-as-a-Service” (RaaS) group, as no advertisements for recruiting affiliates or information about affiliates…

Read more →

Introduction Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. Interlock cannot be classified as a “Ransomware-as-a-Service” (RaaS) group, as no advertisements for recruiting affiliates or information about affiliates…

Read more →

At CES in January 2025, Nvidia CEO Jenson Huang stood before the audience and described the direction of travel in Artificial Intelligence; The Sekoia platform has always been at the bleeding edge of each AI wave, empowering SOC teams to…

Read more →

This post was originally distributed as a private FLINT report to our customers on 21 March 2025. Introduction In March 2025, Bybit, an UAE-based crypto exchange platform, was targeted by Lazarus, a state-sponsored intrusion set attributed to the Democratic People’s…

Read more →

This post was originally distributed as a private FLINT report to our customers on 21 March 2025. Introduction In March 2025, Bybit, an UAE-based crypto exchange platform, was targeted by Lazarus, a state-sponsored intrusion set attributed to the Democratic People’s…

Read more →