Category: Sekoia.io Blog

This article is also available in French here. Today, we are pleased to celebrate a major achievement for Sekoia.io with the attainment of the ISO/IEC 27001:2022 certification. In this blog post, we’ll explain the journey to this high-end certification. What…

Read more →

This article was originally distributed as a private FLINT report to our customers on 29 January 2025. Introduction During our daily tracking and analysis routine at TDR (Threat Detection & Research), we have been monitoring a technique known as ClickFix12.…

Read more →

In this article, we will build upon the previous discussion of our detection approach and associated challenges by detailing the regular and automated actions implemented through our CI/CD pipelines. La publication suivante Detection engineering at scale: one step closer (part…

Read more →

In this article, we will build upon the previous discussion of our detection approach and associated challenges by detailing the regular and automated actions implemented through our CI/CD pipelines. La publication suivante Detection engineering at scale: one step closer (part…

Read more →

On 26 December 2024, the data security company Cyberhaven informed its users about a compromise of their Chrome browser extension. The attacker exploited the extension developer’s permissions, which had been previously gained through a targeted phishing attack, to upload a…

Read more →

In this article, we’ll explore why making the switch from QRadar to Sekoia Defend is a rewarding experience and how Sekoia’s state-of-the-art platform offers unparalleled flexibility and power. La publication suivante Transition from IBM QRadar to Sekoia for a modern…

Read more →

Introduction In December 2024, during our daily threat hunting routine, we uncovered a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts. These phishing pages have been circulating since at least October 2024, and during that period, we identified potential…

Read more →

This report was originally published for our customers on 12 December 2024. Introduction On Wednesday, 27 November 2024, Russian President Putin was on a 2-day state visit in Kazakhstan to discuss with local representatives the implementation of energy projects and…

Read more →

This report was originally published for our customers on 12 December 2024. Introduction On Wednesday, 27 November 2024, Russian President Putin was on a 2-day state visit in Kazakhstan to discuss with local representatives the implementation of energy projects and…

Read more →

This report was originally published for our customers on 12 December 2024. Introduction On Wednesday, 27 November 2024, Russian President Putin was on a 2-day state visit in Kazakhstan to discuss with local representatives the implementation of energy projects and…

Read more →

In September 2023, we successfully took ownership of one of the IP addresses used by the PlugX worm—a variant of PlugX associated with Mustang Panda, which possesses worming capabilities by infecting flash drives. Following this success, we studied the inner…

Read more →

In the ever-evolving landscape of cybersecurity, effective threat detection is paramount. Since its creation, YARA stands out as a powerful tool created to identify and classify malware. Originally developed by Victor Alvarez of VirusTotal, YARA has become a vital tool…

Read more →

Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely from the sheer number of detection rules required to address a…

Read more →

Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely from the sheer number of detection rules required to address a…

Read more →

Since launching in 2017, Sekoia.io has made a name for itself with its groundbreaking vision in threat detection, leveraging advanced analytics and smart machine learning. But the journey does not end there! Sekoia.io is always growing and improving its services…

Read more →

On a calm Friday afternoon, rumors of a new active threat starts hitting the various social network websites. Your CSIRT team starts checking the private channels they have with other CERTs and starts compiling a list of Indicators of Compromise…

Read more →

Executive Summary Introduction Recent reports about the People’s Republic of China (PRC) cyber capabilities highlighted its important arsenal mobilising institutional and military actors, as well as private companies providing hack-for-hire services for governmental operations. These findings pointed out the complexity…

Read more →

This blog post provides an overview of the observed Clickfix clusters and suggests detection rules based on an analysis of the various infection methods employed. La publication suivante ClickFix tactic: Revenge of detection est un article de Sekoia.io Blog. This…

Read more →

This blog post provides a chronological overview of the observed ClickFix campaigns. We further share technical details about a ClickFix cluster that uses fake Google Meet video conference pages to distribute infostealers. La publication suivante ClickFix tactic: The Phantom Meet…

Read more →

In hybrid and outsourced SOC models, managing access for different stakeholders—including internal security teams, MSSP personnel, and other IT departments—can be complex. Even different teams than security ones may need access to specific data, such as network logs for infrastructure…

Read more →