Category: Sekoia.io Blog
Detection engineering at scale: one step closer (part one)
Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely from the sheer number of detection rules required to address a…
The story behind Sekoia.io Custom Integrations
Since launching in 2017, Sekoia.io has made a name for itself with its groundbreaking vision in threat detection, leveraging advanced analytics and smart machine learning. But the journey does not end there! Sekoia.io is always growing and improving its services…
Implementing blocklists in the Sekoia SOC platform
On a calm Friday afternoon, rumors of a new active threat start hitting the various social network websites. Your CSIRT team starts checking the private channels they have with other CERTs and starts compiling a list of Indicators of Compromise…
A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats
Executive Summary / Introduction: Recent reports about the People’s Republic of China (PRC) cyber capabilities highlighted its important arsenal mobilising institutional and military actors, as well as private companies providing hack-for-hire services for governmental operations. These findings pointed out the complexity…
ClickFix tactic: Revenge of detection
This blog post provides an overview of the observed ClickFix clusters and suggests detection rules based on an analysis of the various infection methods employed. The following publication, ClickFix tactic: Revenge of detection, is an article from Sekoia.io Blog. This…
ClickFix tactic: The Phantom Meet
This blog post provides a chronological overview of the observed ClickFix campaigns. We further share technical details about a ClickFix cluster that uses fake Google Meet video conference pages to distribute infostealers. The following publication, ClickFix tactic: The Phantom Meet…
Mastering SOC complexity: Optimizing access management with Sekoia Defend
In hybrid and outsourced SOC models, managing access for different stakeholders—including internal security teams, MSSP personnel, and other IT departments—can be complex. Even teams other than security ones may need access to specific data, such as network logs for infrastructure…
Mamba 2FA: A new contender in the AiTM phishing ecosystem
Discover Mamba 2FA, a previously unknown adversary-in-the-middle (AiTM) phishing kit, sold as phishing-as-a-service (PhaaS). The following publication, Mamba 2FA: A new contender in the AiTM phishing ecosystem, is an article from Sekoia.io Blog. This article has been indexed from Sekoia.io…
Getting started with Detection-as-Code and Sekoia Platform
Whether you’re an MSSP looking to enhance client offerings or an internal SOC team striving for operational excellence, adopting Detection-as-Code can be a game-changer. Here’s why it matters. The following publication, Getting started with Detection-as-Code and Sekoia Platform, is a…
Hunting for IoCs: from single searches to an automated and repeatable process
Understanding cyber threats and IoC (Indicators of Compromise) is crucial for protecting your organisation from cybercriminal activities. At Sekoia, we’ve embraced this by developing a comprehensive solution that combines Cyber Threat Intelligence (The Sekoia Intelligence product) with our detection platform,…
Bulbature, beneath the waves of GobRAT
Since mid-2023, Sekoia's Threat Detection & Research (TDR) team has been investigating an infrastructure that controls compromised edge devices turned into Operational Relay Boxes used to launch offensive cyber attacks. The following publication, Bulbature, beneath the waves of GobRAT, is a…
Why it’s time to replace your legacy SIEM with a SOC platform
In today’s cybersecurity landscape, upgrading from legacy SIEM solutions to modern SOC platforms is no longer a question of if, but when. As we enter 2024, security teams must adapt to the increasingly complex threats they face, and relying on…
Hadooken and K4Spreader: The 8220 Gang’s Latest Arsenal
On 17 September 2024, Sekoia’s Threat Detection & Research (TDR) team identified a notable infection chain targeting both Windows and Linux systems through our Oracle WebLogic honeypot. The attacker exploited the CVE-2017-10271 and CVE-2020-14883 WebLogic vulnerabilities to deploy Python and Bash…
Navigating the NIS2 Directive: Key insights for cybersecurity compliance and how Sekoia.io can help
To read the French version of the article, click here. The European Union (EU) adopted a fundamental directive at the end of 2022 aimed at protecting critical sectors of the European economy from cyber threats. Directive (EU) 2022/2555, better known as…
SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites
Our investigation uncovered 25 Kurdish websites compromised by four different variants of a malicious script, ranging from the simplest, which obtains the device’s location, to the most complex, which prompts selected users to install a malicious Android application. The following publication…
WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution
This blog post examines the use of WebDAV technology in hosting malicious files related to the Emmenhtal loader, then analyses the various final payloads delivered through this infrastructure, and concludes by exploring the possibility that the infrastructure is being offered as-a-service…
Securing Gold: Hunting typosquatted domains during the Olympics
Anticipating Paris 2024 Olympics cyber threats, Sekoia.io has conducted over July and August 2024 a proactive hunting of Olympics-typosquatted domains registered by malicious actors – cybercrime related and possibly APT campaigns – in order to detect any kind of operations…
A glimpse into the Quad7 operators’ next moves and associated botnets
Key Takeaways: The Sekoia TDR team has recently identified new staging servers, leading to the discovery of additional targets, implants, and botnet clusters tied to the Quad7 operators. The Quad7 botnet operators seem to be compromising several brands of SOHO…