Category: Sekoia.io Blog

Discover Mamba 2FA, a previously unknown adversary-in-the-middle (AiTM) phishing kit, sold as phishing-as-a-service (PhaaS). La publication suivante Mamba 2FA: A new contender in the AiTM phishing ecosystem est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io…

Read more →

Whether you’re an MSSP looking to enhance client offerings or an internal SOC team striving for operational excellence, adopting Detection-as-Code can be a game-changer. Here’s why it matters. La publication suivante Getting started with Detection-as-Code and Sekoia Platform est un…

Read more →

Understanding cyber threats and IoC (Indicators of Compromise) is crucial for protecting your organisation from cybercriminal activities. At Sekoia, we’ve embraced this by developing a comprehensive solution that combines Cyber Threat Intelligence (The Sekoia Intelligence product) with our detection platform,…

Read more →

Since mid 2023, Sekoia Threat Detection & Research team (TDR) investigated an infrastructure which controls compromised edge devices transformed into Operational Relay Boxes used to launch offensive cyber attack. La publication suivante Bulbature, beneath the waves of GobRAT est un…

Read more →

In today’s cybersecurity landscape, upgrading from legacy SIEM solutions to modern SOC platforms is no longer a question of if, but when. As we enter 2024, security teams must adapt to the increasingly complex threats they face, and relying on…

Read more →

On 17 September 2024, Sekoia’s Threat Detection & Research (TDR) team identified a notable infection chain targeting both Windows and Linux systems through our Oracle WebLogic honeypot. The attacker exploited CVE-2017-10271 and CVE-2020-14883 Weblogic vulnerabilities to deploy Python and Bash…

Read more →

To read the French version the article, click here. The European Union (EU) adopted a fundamental directive at the end of 2022 aimed at protecting critical sectors of the European economy from cyber threats. Directive (EU) 2022/2555, better known as…

Read more →

Our investigation uncovered 25 kurdish websites compromised by four different variants of a malicious script, ranging from the simplest, which obtains the device’s location, to the most complex, which prompts selected users to install a malicious Android application. La publication…

Read more →

This blogpost examines the use of WebDAV technology in hosting malicious files related to the Emmenhtal loader, then analyses the various final payloads delivered through this infrastructure, and concludes by exploring the possibility that the infrastructure is being offered as-a-service…

Read more →

Anticipating Paris 2024 Olympics cyber threats, Sekoia.io has conducted over July and August 2024 a proactive hunting of Olympics-typosquatted domains registered by malicious actors – cybercrime related and possibly APT campaigns – in order to detect any kind of operations…

Read more →

Anticipating Paris 2024 Olympics cyber threats, Sekoia.io has conducted over July and August 2024 a proactive hunting of Olympics-typosquatted domains registered by malicious actors – cybercrime related and possibly APT campaigns – in order to detect any kind of operations…

Read more →

Key Takeaways The Sekoia TDR team has recently identified new staging servers, leading to the discovery of additional targets, implants, and botnet clusters tied to the Quad7 operators. The Quad7 botnet operators seem to be compromising several brands of SOHO…

Read more →

Platform enabled services In previous posts (see links below), I’ve outlined already the profound transformation of Security Operations Center (SOC) technologies. The journey from on-premise SOC solutions to Software-as-a-Service (SaaS) delivered platforms marks a significant milestone in this evolution. Gartner’s…

Read more →

Platform enabled services In previous posts (see links below), I’ve outlined already the profound transformation of Security Operations Center (SOC) technologies. The journey from on-premise SOC solutions to Software-as-a-Service (SaaS) delivered platforms marks a significant milestone in this evolution. Gartner’s…

Read more →

Written by Mitigant (Kennedy Torkura) and Sekoia.io Threat Detection and Research (TDR) team (Erwan Chevalier and Guillaume Couchard). Introduction Enterprises are increasingly using cloud infrastructure to take advantage of its underlying benefits. Unlike traditional data centres, cloud infrastructure affords business…

Read more →

Written by Mitigant (Kennedy Torkura) and Sekoia.io Threat Detection and Research (TDR) team (Erwan Chevalier and Guillaume Couchard). Introduction Enterprises are increasingly using cloud infrastructure to take advantage of its underlying benefits. Unlike traditional data centres, cloud infrastructure affords business…

Read more →

Key Takeaways Sekoia.io investigated the mysterious 7777 botnet (aka. Quad7 botnet), published by the independent researcher Git7w0rm inside the “The curious case of the 7777 botnet” blogpost.   This investigation allowed us to intercept network communications and malware deployed on…

Read more →

In today’s digital age, small and medium enterprises (SMEs) are facing unprecedented cybersecurity challenges. The threat landscape has evolved dramatically, with malicious actors constantly seeking out the weakest links, including those within supply chains. La publication suivante Technological Evolution and…

Read more →

In today’s digital age, small and medium enterprises (SMEs) are facing unprecedented cybersecurity challenges. The threat landscape has evolved dramatically, with malicious actors constantly seeking out the weakest links, including those within supply chains. La publication suivante Technological Evolution and…

Read more →

This report was originally published for our customers on 20 June 2024. Today, the Check Point Research (CPR) team published a report on the same implant, providing details of recent MuddyWater campaigns. Introduction On June 9 2024, ClearSky tweeted about a new…

Read more →