In the third part of our series “Advent of Configuration Extraction”, we dissect SNOWLIGHT, a lightweight ELF downloader designed to retrieve and execute a remote payload on Linux systems. To extract the SNOWLIGHT configuration, and specifically the Command and Control…
Tag: Sekoia.io Blog
Mandating Security by Design: Sekoia’s Blueprint for the EU Cyber Resilience Act
Introduction The European Union (EU) continues to solidify its cybersecurity landscape through ambitious, horizontal regulations. In addition to the NIS 2 Directive and the Digital Operational Resilience Act (DORA), the Cyber Resilience Act (CRA) establishes a comprehensive framework aimed at…
Advent of Configuration Extraction – Part 2: Unwrapping QuasarRAT’s Configuration
In the second part of our “Advent of Configuration Extraction” series, we unwrap QuasarRAT, a popular .NET remote access trojan (RAT), and show how to extract its encrypted configuration out of the binary. The article begins by detailing the environment:…
French NGO Reporters Without Borders targeted by Calisto in recent campaign
Some portions of this article were first distributed as a private report to our customers in June 2025. In May and June 2025, TDR team analysts were contacted by two organisations — including the French NGO Reporters Without Borders (RSF)…
Advent of Configuration Extraction – Part 1: Pipeline Overview – First Steps with Kaiji Configuration Unboxing
This article is the opening chapter of a four-part Advent of Configuration Extraction series. The series outlines the methodology we employ at Sekoia’s Threat Detection & Research (TDR) team to automate the extraction of malware configuration data, from initial analysis…
Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers
This article was originally distributed as a private report to our customers. Table of contents Introduction From Hotels to Guests: the First Breach Malicious emails ClickFix infection chain Step 1: redirection steps Step 2: ClickFix tactic Step 3: malware delivery…
TransparentTribe targets Indian military organisations with DeskRAT
This post was originally distributed as a private FLINT report to our customers on 14 October 2025. It contains a complete list of IOCs, YARA rules, and a chapter dedicated to detection and hunting opportunities specific to this infection chain.…
Decoding UserAuthenticationMethod in Microsoft 365 audit logs: the bitfield mapping
This undocumented field of sign-in events is a bitfield where each bit represents a different authentication method. The post Decoding UserAuthenticationMethod in Microsoft 365 audit logs: the bitfield mapping is an article from Sekoia.io Blog. This article has been…
Inside Sekoia.io Hackathon 2025 – Innovating together for customer satisfaction
Last month, the Sekoia.io Tech & Product teams decamped in southern Brittany for our 2025 internal Hackathon. Over three intense days, seven self-organized squads took on one mission: deliver measurable, customer-centric enhancements to the AI-SOC platform. From faster page loads…
Defrosting PolarEdge’s Backdoor
This post was originally distributed as a private FLINT report to our customers on 15 July 2025. Introduction In early 2025, we published a blog post reporting on a botnet we dubbed PolarEdge, first detected in January 2025, when our honeypots…
Silent Smishing: The Hidden Abuse of Cellular Router APIs
This article was originally distributed as a private report to our customers. Introduction The monitoring and analysis of vulnerability exploitations are among the primary responsibilities of Sekoia.io’s Threat Detection & Research (TDR) team. Using our honeypots, we monitor traffic…
APT28 Operation Phantom Net Voxel
This post was originally distributed as a private FLINT report to our customers on 12 August 2025. Introduction Sekoia.io’s Threat Detection and Response (TDR) team closely monitors APT28 as one of its highest-priority threat actors. In early 2025 a trusted…
Predators for Hire: A Global Overview of Commercial Surveillance Vendors
This report provides an overview of the commercial surveillance vendors ecosystem between 2010 and 2025, analysing their spyware offerings, business models, client base, target profiles, and infection chains. The post Predators for Hire: A Global Overview of Commercial Surveillance…
Global analysis of Adversary-in-the-Middle phishing threats
This report explores current trends in the AitM phishing landscape and the prevalence of leading kits. The post Global analysis of Adversary-in-the-Middle phishing threats is an article from Sekoia.io Blog. This article has been indexed from Sekoia.io Blog Read…
Navigating DORA: How Sekoia.io can support your compliance journey
As the cyber threat landscape evolves and the digital landscape changes, regulatory frameworks continue to emerge, aiming to bolster the security posture of organisations, particularly in the financial sector. One such regulation is the Digital Operational Resilience Act (DORA), effective…
The Sharp Taste of Mimo’lette: Analyzing Mimo’s Latest Campaign targeting Craft CMS
This article was originally distributed as a private report to our customers. Introduction Once upon a time, in the land of the CMS honeypot, a curious threat named Mimo crept silently through the digital woods. Unlike your typical fairytale…