Category: Sekoia.io Blog

According to Global Cybersecurity Outlook 2024 by WEF, 29% of organizations reported that they had been materially affected by a cyber incident in the past 12 months. Due to increasing risks and expanded attack surface, companies seek to establish reliable…

Read more →

Context Throughout 2023, Sekoia.io’s Threat Detection & Research (TDR) team actively tracked and monitored adversary C2 infrastructures set up and used by lucrative and state-sponsored intrusion sets to carry out malicious cyber activities. Our analysts identified more than 85,000 IP…

Read more →

Context Throughout 2023, Sekoia.io’s Threat Detection & Research (TDR) team actively tracked and monitored adversary C2 infrastructures set up and used by lucrative and state-sponsored intrusion sets to carry out malicious cyber activities. Our analysts identified more than 85,000 IP…

Read more →

This report aims to detail the functioning of a malware used by FIN7 since 2021, named DiceLoader (also known Icebot), and to provide a comprehensive approach of the threat by detailing the related Techniques and Procedures. La publication suivante Unveiling…

Read more →

Expanding tech stack and increasing number of tools urge security operations teams to seek a one-stop solution for centralizing events and alerts. Under these conditions of growing risks, the Sekoia SOC platform becomes a silver-bullet solution for backing up SOC…

Read more →

Last month, Sekoia.io took part to NATO Cooperative Cyber Defence Centre of Excellence (CCDOE) Crossed Swords cyber exercise (aka XS23) organized in Tallinn, Estonia. Involving high-level expert teams from dozen of NATO member countries, Crossed Swords is a three-day unique…

Read more →

In September 2023, the Sekoia.io team embarked on a new intake development to integrate Zscaler ZIA logs into our SOC platform. After implementing Zscaler integration with a wide range of supported logs, events, and related built-in rules, our team shifted…

Read more →

Being PCI certified is a long journey. We started two years ago when we were discussing an extension of our coverage with a customer. This customer was processing card data and consequently had to be partnering with PCI-compliant security solutions…

Read more →

Sekoia.io recognizes the significant investment and effort that organizations have put into their existing security infrastructures. We also realize the flexibility needed to choose the best new tools for safeguarding critical assets and data. To enable this flexibility and streamline…

Read more →

Based on these observations and given the constantly evolving cyber threat landscape, we analysed cyber threats affecting previous editions of the Olympics, as well as the current geopolitical context to understand potential motivations of malicious actors to target this event,…

Read more →

Introduction  In the ever-changing cybersecurity landscape, Identity and Access Management (IAM) stands as the cornerstone of an organisation’s digital asset protection. IAM solutions play an essential role in managing user identities, controlling access to resources and ensuring compliance. As the…

Read more →

Investigation context On 7 December 2023, a joint advisory from the UK, USA, Canada, Australia and New Zealand attributed the previously known intrusion set Star Blizzard (aka CALISTO for Sekoia.io) to Russian Federal Security Bureau (FSB). The USA and UK…

Read more →

This report was originally published for our customers on 27 November 2023. As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises honeypots in different locations around the world to identify potential…

Read more →

Infection chains used by commodity malware are constantly evolving and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID and Qakbot are all often used as first-stage malicious code, allowing other more specific payloads to be…

Read more →

Sekoia.io is proud to announce that it has achieved the Payment Card Industry Data Security Standard (PCI-DSS) compliance at Level 1. PCI-DSS compliance is a rigorous set of security standards designed to safeguard credit card information and audited by an…

Read more →

Introduction In the rapidly evolving cybersecurity landscape, staying ahead of potential threats requires a robust and comprehensive approach to managing IT assets. We are pleased to announce the beta release of our newest feature, Asset Discovery, which is designed to…

Read more →

This report aims at depicting recent trends in cyber threats impacting the financial sector worldwide. It focuses on principal tactics, techniques and procedures used by lucrative and state-sponsored intrusion sets by providing an analysis of evolutions observed in campaigns against…

Read more →

Introduction & Objectives DarkGate is sold as Malware-as-a-Service (MaaS) on various cybercrime forums by RastaFarEye persona, in the past months it has been used by multiple threat actors such as TA577 and Ducktail. DarkGate is a loader with RAT capabilities…

Read more →

Introduction The Query Builder is designed to simplify data exploration and enhance threat detection capabilities. This feature empowers Security Operations Center (SOC) teams to explore their data through an intuitive interface, enabling structured queries and insightful data aggregation for threat…

Read more →

This report was originally published for our customers on 26 October 2023. The world of online gaming, a thriving global community of millions, has become an enticing target for malicious actors seeking to exploit related vulnerabilities. In their engagement with…

Read more →