Category: Sekoia.io Blog

On 17 September 2024, Sekoia’s Threat Detection & Research (TDR) team identified a notable infection chain targeting both Windows and Linux systems through our Oracle WebLogic honeypot. The attacker exploited CVE-2017-10271 and CVE-2020-14883 Weblogic vulnerabilities to deploy Python and Bash…

Read more →

To read the French version the article, click here. The European Union (EU) adopted a fundamental directive at the end of 2022 aimed at protecting critical sectors of the European economy from cyber threats. Directive (EU) 2022/2555, better known as…

Read more →

Our investigation uncovered 25 kurdish websites compromised by four different variants of a malicious script, ranging from the simplest, which obtains the device’s location, to the most complex, which prompts selected users to install a malicious Android application. La publication…

Read more →

This blogpost examines the use of WebDAV technology in hosting malicious files related to the Emmenhtal loader, then analyses the various final payloads delivered through this infrastructure, and concludes by exploring the possibility that the infrastructure is being offered as-a-service…

Read more →

Anticipating Paris 2024 Olympics cyber threats, Sekoia.io has conducted over July and August 2024 a proactive hunting of Olympics-typosquatted domains registered by malicious actors – cybercrime related and possibly APT campaigns – in order to detect any kind of operations…

Read more →

Anticipating Paris 2024 Olympics cyber threats, Sekoia.io has conducted over July and August 2024 a proactive hunting of Olympics-typosquatted domains registered by malicious actors – cybercrime related and possibly APT campaigns – in order to detect any kind of operations…

Read more →

Key Takeaways The Sekoia TDR team has recently identified new staging servers, leading to the discovery of additional targets, implants, and botnet clusters tied to the Quad7 operators. The Quad7 botnet operators seem to be compromising several brands of SOHO…

Read more →

Platform enabled services In previous posts (see links below), I’ve outlined already the profound transformation of Security Operations Center (SOC) technologies. The journey from on-premise SOC solutions to Software-as-a-Service (SaaS) delivered platforms marks a significant milestone in this evolution. Gartner’s…

Read more →

Platform enabled services In previous posts (see links below), I’ve outlined already the profound transformation of Security Operations Center (SOC) technologies. The journey from on-premise SOC solutions to Software-as-a-Service (SaaS) delivered platforms marks a significant milestone in this evolution. Gartner’s…

Read more →

Written by Mitigant (Kennedy Torkura) and Sekoia.io Threat Detection and Research (TDR) team (Erwan Chevalier and Guillaume Couchard). Introduction Enterprises are increasingly using cloud infrastructure to take advantage of its underlying benefits. Unlike traditional data centres, cloud infrastructure affords business…

Read more →

Written by Mitigant (Kennedy Torkura) and Sekoia.io Threat Detection and Research (TDR) team (Erwan Chevalier and Guillaume Couchard). Introduction Enterprises are increasingly using cloud infrastructure to take advantage of its underlying benefits. Unlike traditional data centres, cloud infrastructure affords business…

Read more →

Key Takeaways Sekoia.io investigated the mysterious 7777 botnet (aka. Quad7 botnet), published by the independent researcher Git7w0rm inside the “The curious case of the 7777 botnet” blogpost.   This investigation allowed us to intercept network communications and malware deployed on…

Read more →

In today’s digital age, small and medium enterprises (SMEs) are facing unprecedented cybersecurity challenges. The threat landscape has evolved dramatically, with malicious actors constantly seeking out the weakest links, including those within supply chains. La publication suivante Technological Evolution and…

Read more →

In today’s digital age, small and medium enterprises (SMEs) are facing unprecedented cybersecurity challenges. The threat landscape has evolved dramatically, with malicious actors constantly seeking out the weakest links, including those within supply chains. La publication suivante Technological Evolution and…

Read more →

This report was originally published for our customers on 20 June 2024. Today, the Check Point Research (CPR) team published a report on the same implant, providing details of recent MuddyWater campaigns. Introduction On June 9 2024, ClearSky tweeted about a new…

Read more →

This report was originally published for our customers on 20 June 2024. Today, the Check Point Research (CPR) team published a report on the same implant, providing details of recent MuddyWater campaigns. Introduction On June 9 2024, ClearSky tweeted about a new…

Read more →

At Sekoia.io, the integration of the MITRE ATT&CK framework into our Security Operations Center (SOC) platform is a cornerstone of our approach to cybersecurity. The ATT&CK framework serves as a comprehensive knowledge base of cyber adversary behavior and a taxonomy…

Read more →

During the first semester of 2024, FakeBat (aka EugenLoader, PaykLoader) was one of the most widespread loaders using the drive-by download technique. La publication suivante Exposing FakeBat loader: distribution methods and adversary infrastructure est un article de Sekoia.io Blog. This…

Read more →

In my previous article, I gave an overview of the current transformation of the cybersecurity market, marked by major acquisitions and mergers among key players, and how new generation players profoundly affect SOC and MSSP models. We continue this series…

Read more →

The cybersecurity market is undergoing significant transformation marked by major acquisitions and mergers among key players. Traditional on-premise solutions are being replaced by comprehensive, SaaS-based platforms that offer faster deployment, lower costs, and superior capabilities. La publication suivante What’s up…

Read more →