Summary:
This report discusses the ClickFix social engineering tactic, which utilizes deceptive web pages to trick users into executing malicious PowerShell commands, leading to system infections. The analysis highlights various…
Author: SekoiaIO
The article discusses a phishing campaign utilizing the Mamba 2FA phishing kit, which mimics Microsoft 365 login pages and employs advanced techniques to capture user credentials and multi-factor …
Short Summary:
This report discusses a series of cyberattacks attributed to the 8220 Gang, targeting Oracle WebLogic servers through the exploitation of critical vulnerabilities. The attackers deployed various malware, including …
In early 2024, the Sekoia Threat Detection & Research team investigated a suspicious script on a Kurdish website that prompted users to activate their webcams and share their …
Short Summary:
This report discusses the ongoing monitoring of the Emmenhtal loader, a stealthy malware loader used for distributing various infostealers. The analysis highlights the use of WebDAV technology for …
Short Summary:
Sekoia.io conducted a proactive hunt for typosquatted domains related to the Paris 2024 Olympics, identifying over 650 suspicious domains. The analysis revealed a significant number of domains aimed …
The Sekoia TDR team has uncovered new developments related to the Quad7 botnet operators, who are compromising various SOHO routers and VPN appliances. The operators are evolving their …
Written by Mitigant (Kennedy Torkura) and Sekoia.io Threat Detection and Research (TDR) team (Erwan Chevalier and Guillaume Couchard).
Enterprises are increasingly using cloud infrastructure to take …
This report was originally published for our customers on 20 June 2024.
Today, the Check Point Research (CPR) team published a report on the same implant, providing details of recent MuddyWater campaigns.…
Over the past few years, cybercriminals have increasingly used the drive-by download technique to distribute malware via user web browsing. This technique mostly involves SEO-poisoning, malvertising, …
Between 27 and 29 May 2024, international law enforcement agencies and partners conducted the Operation Endgame to disrupt criminal services, notably through taking down key botnet infrastructures, including those of …
This time, we’re not revealing a new cyber threat investigation or analysis, but I want to share some insights about the team behind all Sekoia Threat Intelligence and Detection Engineering …
This report was originally published for our customers on 14 May 2024.
Executive summary: The DoppelGänger campaign is an ongoing influence campaign, starting from May 2022 and attributed to the…
This report was originally published for our customers on 2 May 2024.
As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises …
To enhance our threat intelligence, improve detection and identify new threats, Sekoia.io analysts perform continuous hunting and detection engineering every day to give our customers more options to protect …
To enhance our threat intelligence, improve detection and identify new threats, Sekoia analysts engage in continuous hunting to address the main threats affecting our customers. For this, we proactively …
Written by World Watch team from CERT Orange Cyberdefense (Marine PICHON, Vincent HINDERER, Maël SARP and Ziad MASLAH) and Sekoia TDR team (Livia TIBIRNA, Amaury G. and Grégoire CLERMONT)
TL;DR…
As of today, a large majority of intrusion sets and threat actors leverage crypters prior to delivering and executing malicious payloads on a target system. They use them to build …
Since the onset of the War in Ukraine, various groups identified as “nationalist hacktivists” have emerged, particularly on the Russian side, to contribute to the confrontation …
In September and October 2023, several open source publications, part of the Predator Files project coordinated by the European Investigative Collaborations, exposed the use of the Predator spyware by …
Scattered Spider (aka UNC3944, Scatter Swine, Muddled Libra, Octo Tempest, Oktapus, StarFraud) is a lucrative intrusion set active since at least May 2022, primarily engaged in …
Throughout 2023, Sekoia.io’s Threat Detection & Research (TDR) team actively tracked and monitored adversary C2 infrastructures set up and used by lucrative and state-sponsored intrusion sets to carry out …
FIN7 is an intrusion set operating since at least 2015. The group is known to be structured as a corporate business composed of Russian-speaking members. FIN7 …
The next Olympic Games hosted in Paris will take place from 26 July to 11 August 2024, while the Paralympic Games will be carried out from …
In the ever-changing cybersecurity landscape, Identity and Access Management (IAM) stands as the cornerstone of an organisation’s digital asset protection. IAM solutions play an essential role …