Category: Sekoia.io Blog

As the cyber threat landscape evolves and the digital landscape changes, regulatory frameworks continue to emerge, aiming to bolster the security posture of organisations, particularly in the financial sector. One such regulation is the Digital Operational Resilience Act (DORA), effective…

Read more →

As the cyber threat landscape evolves and the digital landscape changes, regulatory frameworks continue to emerge, aiming to bolster the security posture of organisations, particularly in the financial sector. One such regulation is the Digital Operational Resilience Act (DORA), effective…

Read more →

This article on was originally distributed as a private report to our customers. Introduction Once upon a time, in the land of the CMS honeypot, a curious threat named Mimo crept silently through the digital woods. Unlike your typical fairytale…

Read more →

This article on was originally distributed as a private report to our customers. Introduction Once upon a time, in the land of the CMS honeypot, a curious threat named Mimo crept silently through the digital woods. Unlike your typical fairytale…

Read more →

This blog post analyzes the Vicious Trap, a honeypot network deployed on compromised edge devices. La publication suivante ViciousTrap – Infiltrate, Control, Lure: Turning edge devices into honeypots en masse.  est un article de Sekoia.io Blog. This article has been…

Read more →

During our daily tracking and analysis routine at Sekoia TDR team (Threat Detection & Research), we have been monitoring an attacker infrastructure internally called “Cloudflare tunnel infrastructure to deliver multiple RATs”.  This infrastructure is used by several actors to host…

Read more →

During our daily tracking and analysis routine at Sekoia TDR team (Threat Detection & Research), we have been monitoring an attacker infrastructure internally called “Cloudflare tunnel infrastructure to deliver multiple RATs”.  This infrastructure is used by several actors to host…

Read more →

Introduction Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. Interlock cannot be classified as a “Ransomware-as-a-Service” (RaaS) group, as no advertisements for recruiting affiliates or information about affiliates…

Read more →

Introduction Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. Interlock cannot be classified as a “Ransomware-as-a-Service” (RaaS) group, as no advertisements for recruiting affiliates or information about affiliates…

Read more →

At CES in January 2025, Nvidia CEO Jenson Huang stood before the audience and described the direction of travel in Artificial Intelligence; The Sekoia platform has always been at the bleeding edge of each AI wave, empowering SOC teams to…

Read more →

This post was originally distributed as a private FLINT report to our customers on 21 March 2025. Introduction In March 2025, Bybit, an UAE-based crypto exchange platform, was targeted by Lazarus, a state-sponsored intrusion set attributed to the Democratic People’s…

Read more →

This post was originally distributed as a private FLINT report to our customers on 21 March 2025. Introduction In March 2025, Bybit, an UAE-based crypto exchange platform, was targeted by Lazarus, a state-sponsored intrusion set attributed to the Democratic People’s…

Read more →

ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through the drive-by download technique. When it first emerged in July 2023, the injected code was designed to display a fake web browser download page, tricking users…

Read more →

Introduction ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through the drive-by download technique. When it first emerged in July 2023, the injected code was designed to display a fake web browser download page, tricking…

Read more →

Following our first article explaining our detection approach and associated challenges, the second one detailing the regular and automated actions implemented through our CI/CD pipelines, we will now conclude this series by presenting the continuous improvement loop that allows us…

Read more →

Following our first article explaining our detection approach and associated challenges, the second one detailing the regular and automated actions implemented through our CI/CD pipelines, we will now conclude this series by presenting the continuous improvement loop that allows us…

Read more →

This blog post analyzes the PolarEdge backdoor and its associated botnet, offering insights into the adversary’s infrastructure. La publication suivante PolarEdge: Unveiling an uncovered ORB network est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io Blog…

Read more →

This blog post analyzes the PolarEdge backdoor and its associated botnet, offering insights into the adversary’s infrastructure. La publication suivante PolarEdge: Unveiling an uncovered ORB network est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io Blog…

Read more →

This blog post analyzes the PolarEdge backdoor and its associated botnet, offering insights into the adversary’s infrastructure. La publication suivante PolarEdge: Unveiling an uncovered IOT Botnet est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io Blog…

Read more →

This report provides an overview of the main actors involved in malicious campaigns impacting the financial sector in 2024. It follows up on a previous Sekoia report focusing on the emerging trends in the financial cyber threat landscape. La publication…

Read more →