Leveraging Landlock telemetry for Linux detection engineering ⤵️ blog.sekoia.io/leveraging-l...

"I paid twice" ⤵️ blog.sekoia.io/phishing-cam...

TransparentTribe⤵️ blog.sekoia.io/transparentt...

APT28⤵️ blog.sekoia.io/apt28-operat...

Predators for hire ⤵️ blog.sekoia.io/predators-fo...

TechNadu interviewed François Deruty (@derutyf.bsky.social), Chief Intelligence Officer of @sekoia.io, to get answers about innovations observed in cybercrime operations, challenges faced by CIOs, and adjustments to intelligence programs. Read the interview⤵️ #AI #Cybersecurity #GenerativeAI #CTI

📝 Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem. This report shares actionable intelligence to help analysts detect and investigate AitM phishing.

Vicious trapèze ⤵️ blog.sekoia.io/vicioustrap-...

Interlock⤵️ blog.sekoia.io/interlock-ra...

Clickfake ⤵️ blog.sekoia.io/clickfake-in...

Clearfake ⤵️ blog.sekoia.io/clearfakes-n...

PolarEdge ⤵️ blog.sekoia.io/polaredge-un...

Cyber threats impacting the financial sector: focus on the main actors We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024. https://buff.ly/3D3IZl7

Cyber threats against financial sector⤵️ blog.sekoia.io/cyber-threat...

New paper⤵️ blog.sekoia.io/ratatouille-...

Detection part two⤵️ blog.sekoia.io/detection-en...

🚨To strengthen the #investigation and #detection capabilities of the Sekoia.io Threat Detection & Research (TDR) team, we are looking for a Senior Technical Threat Researcher! www.welcometothejungle.com/fr/companies... #CTI #DetectionEngineering

If you are passionate about cyber threat intelligence, this offer is for you! ⤵️ www.welcometothejungle.com/fr/companies...

New campaign ⤵️ blog.sekoia.io/targeted-sup...

Around 1,000 malicious domains are hosting webpages impersonating Reddit and WeTransfer, redirecting users to download password-protected archives These archives contain an AutoIT dropper, we internally named #SelfAU3 Dropper at @sekoia.io, which executes #Lumma Stealer IoCs ⬇️

New AiTM phishing as a service ⤵️ blog.sekoia.io/sneaky-2fa-e...

FBI deletes Chinese PlugX malware from thousands of US computers

The DOJ worked with French authorities and Sekoia.io to remove PlugX malware from thousands of devices around the world therecord.media/doj-deletes-...

International cooperation, proud of TDR team from @sekoia.io ⤵️ www.justice.gov/opa/pr/justi...

🇷🇺 #DoubleTap Campaign: #Russia-nexus APT possibly related to #APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations https://buff.ly/3WEwPG7

Double-tap campaign ⤵️ blog.sekoia.io/double-tap-c...

Feedbacks on a botnet disinfection campaign ⤵️ blog.sekoia.io/plugx-worm-d...

Happy Yara Xmas ! ⤵️ blog.sekoia.io/happy-yara-c...

Want to talk about detection? ⤵️ blog.sekoia.io/detection-en...

🎯 Ransomware-driven data #exfiltration: techniques and implications Our new #TDR report focuses on the exfiltration techniques leveraged by #ransomware and #extortion groups. https://buff.ly/415o0ry #ThreatIntelligence #Detection

Wanna talk about exfiltration ? ⤵️ blog.sekoia.io/ransomware-d...

Helldown ⤵️ blog.sekoia.io/helldown-ran...

New paper ⤵️ blog.sekoia.io/a-three-beat...

Assessing cyber threats to elections⤵️ blog.sekoia.io/guarding-dem...

New paper ⤵️ blog.sekoia.io/the-architec...

Diceloader ⤵️ blog.sekoia.io/unveiling-th...

New paper ⤵️ blog.sekoia.io/securing-gol...

🪪 Our new blog post explores the importance of Identity and Access Management (#IAM) event #detection. We focus at how Sekoia.io set up detection rules for @okta and @JumpCloud technologies. blog.sekoia.io/iam-detectio... #DetectionEngineering #Cloud #SOCplatform

CALISTO doxxing ⤵️ blog.sekoia.io/calisto-doxx...

🏦 Our latest report provides insights on the cyber threats impacting the #financial sector in 2023. We analysed the trends in lucrative and state-sponsored ecosystems and outlined the most notable evolutions. For more details, check out our blog post: blog.sekoia.io/unmasking-th...

#DarkGate gained popularity among threat actors (e.g: #TA577, #DuckTail), our #RE analysis details the internals of the malware, how it implements technique to evade defenses: Union-API, token theft via UpdateProcThreadAttribute, APC injection. blog.sekoia.io/darkgate-int...

Darkgate internals ⤵️ blog.sekoia.io/darkgate-int...

New blogpost ⤵️ blog.sekoia.io/game-over-ga...

🔍 We recently conducted an in-depth analysis of #AridViper, an intrusion set believed to have ties with #Hamas. Also known as APT C-23, #MoleRATs, #GazaCyberGang, or #DesertFalcon, AridViper has been reportedly active since 2012. blog.sekoia.io/aridviper-an... #CTI #APT

Le @cert-fr.bsky.social vient de publier un mémo sur les campagnes d'attaques APT28 depuis 2021. En plus de décrire les techniques utilisées, le mémo contient plein de recommandations pour s'en prémunir. A lire avec attention ! www.cert.ssi.gouv.fr/cti/CERTFR-2...

our last analysis of ClearFake ⤵️ blog.sekoia.io/clearfake-a-ne…