This article was originally distributed as a private report to our customers. Introduction Once upon a time, in the land of the CMS honeypot, a curious threat named Mimo crept silently through the digital woods. Unlike your typical fairytale…
Tag: Sekoia.io Blog
ViciousTrap – Infiltrate, Control, Lure: Turning edge devices into honeypots en masse.
This blog post analyzes ViciousTrap, a honeypot network deployed on compromised edge devices. The following publication ViciousTrap – Infiltrate, Control, Lure: Turning edge devices into honeypots en masse. is an article from Sekoia.io Blog. This article has been…
Detecting Multi-Stage Infection Chains Madness
During our daily tracking and analysis routine in the Sekoia TDR team (Threat Detection & Research), we have been monitoring an attacker infrastructure internally called “Cloudflare tunnel infrastructure to deliver multiple RATs”. This infrastructure is used by several actors to host…
Interlock ransomware evolving under the radar
Introduction Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. Interlock cannot be classified as a “Ransomware-as-a-Service” (RaaS) group, as no advertisements for recruiting affiliates or information about affiliates…
The evolution of the AI SOC: From Hype to Hyper
At CES in January 2025, Nvidia CEO Jensen Huang stood before the audience and described the direction of travel in Artificial Intelligence. The Sekoia platform has always been at the bleeding edge of each AI wave, empowering SOC teams to…
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
This post was originally distributed as a private FLINT report to our customers on 21 March 2025. Introduction In March 2025, Bybit, a UAE-based crypto exchange platform, was targeted by Lazarus, a state-sponsored intrusion set attributed to the Democratic People’s…
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through the drive-by download technique. When it first emerged in July 2023, the injected code was designed to display a fake web browser download page, tricking users…
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
Introduction ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through the drive-by download technique. When it first emerged in July 2023, the injected code was designed to display a fake web browser download page, tricking…
Detection engineering at scale: one step closer (part three)
Following our first article explaining our detection approach and associated challenges, the second one detailing the regular and automated actions implemented through our CI/CD pipelines, we will now conclude this series by presenting the continuous improvement loop that allows us…
PolarEdge: Unveiling an uncovered ORB network
This blog post analyzes the PolarEdge backdoor and its associated botnet, offering insights into the adversary’s infrastructure. The following publication PolarEdge: Unveiling an uncovered ORB network is an article from Sekoia.io Blog. This article has been indexed from Sekoia.io Blog…
PolarEdge: Unveiling an uncovered IOT Botnet
This blog post analyzes the PolarEdge backdoor and its associated botnet, offering insights into the adversary’s infrastructure. The following publication PolarEdge: Unveiling an uncovered IOT Botnet is an article from Sekoia.io Blog. This article has been indexed from Sekoia.io Blog…
Cyber threats impacting the financial sector in 2024 – focus on the main actors
This report provides an overview of the main actors involved in malicious campaigns impacting the financial sector in 2024. It follows up on a previous Sekoia report focusing on the emerging trends in the financial cyber threat landscape. The following publication…
Sekoia.io achieves ISO 27001 compliance
This article is also available in French here. Today, we are pleased to celebrate a major achievement for Sekoia.io with the attainment of the ISO/IEC 27001:2022 certification. In this blog post, we’ll explain the journey to this high-end certification. What…
RATatouille: Cooking Up Chaos in the I2P Kitchen
This article was originally distributed as a private FLINT report to our customers on 29 January 2025. Introduction During our daily tracking and analysis routine at TDR (Threat Detection & Research), we have been monitoring a technique known as ClickFix.…
Detection engineering at scale: one step closer (part two)
In this article, we will build upon the previous discussion of our detection approach and associated challenges by detailing the regular and automated actions implemented through our CI/CD pipelines. The following publication Detection engineering at scale: one step closer (part…