🇷🇺 French NGO Reporters Without Borders targeted by #Calisto in recent campaign
Sekoia #TDR analysed a recent #Calisto (aka #ColdRiver #Star Blizzard) spear-phishing campaign aimed at Reporters sans frontières and other #Ukraine-supporting organisations.
blog.sekoia.io/ngo-reporter...
Histoire et dissection du 𝑚𝑎𝑙𝑤𝑎𝑟𝑒 ou chargeur malveillant 🇷🇺 #Latrodectus par Pierre Le Bourhis @sekoia.io à #UYBHYS25
@uybhys.bsky.social
#TDR analysts dig into a modus operandi targeting the hospitality industry and the related cybercrime ecosystem that facilitates #phishing and #fraud campaigns.
blog.sekoia.io/phishing-cam...
After our initial #PolarEdge #botnet write-up, we’re happy to announce the second part: “Defrosting PolarEdge’s Backdoor,” a full technical deep-dive into its TLS-based implant.
blog.sekoia.io/polaredge-ba...
Je recherche un Threat Researcher pour l’équipe TDR de @sekoia.io !
Vous aimez faire des règles #Sigma et #Yara ? Vous adorez pivoter et traquer les infrastructures (C2) d’attaques des cybercriminels ?
Alors cette offre d’emploi est faite pour vous !
www.welcometothejungle.com/en/companies...
Key takeaways:
✉️ API exploitation: attackers leverage an exposed /cgi endpoint to push malicious SMS without authentication
🌐 Scale of exposure: over 18,000 routers accessible on the internet; 572 confirmed vulnerable
📱 Silent Smishing: The Hidden Abuse of Cellular Router APIs
Our latest #CTI investigation from Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale.
blog.sekoia.io/silent-smish...
🐻 #APT28 – Operation Phantom Net Voxel: deep-dive into the latest spear-phishing campaign targeting Ukrainian military administrative staff.
blog.sekoia.io/apt28-operat...
[Threat investigation alert 🚨] Predators for Hire: A Global Overview of Commercial Surveillance Vendors
➡️ blog.sekoia.io/predators-fo...
🔥 Hot summer, sizzling crypto... and scammers turning up the heat 🔥
Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.
You can find the phishing kit sheets on our blog: blog.sekoia.io/global-analy...
And on our Community GitHub: github.com/SEKOIA-IO/Co...
These sheets aim to assist SOC analysts in detecting and investigating #AitM #phishing compromises by offering context, technical details, infrastructure overview, detection opportunities, and more.
All are available in the PDF report and our Community GitHub.
A few weeks ago, we published our global analysis of Adversary-in-the-Middle #phishing threats, providing actionable intelligence on multiple #AitM phishing kits.
This report includes 11 sheets covering the most widespread #AitM phishing kits as of Q1 2025.
📝 Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem.
This report shares actionable intelligence to help analysts detect and investigate AitM phishing.
🧀 The Sharp Taste of #Mimo’lette: Analyzing Mimo’s Latest Campaign targeting #Craft CMS
blog.sekoia.io/the-sharp-ta...
🪤 Sekoia #TDR's new exclusive research uncovers the #ViciousTrap, a honeypot network deployed on compromised edge devices.
blog.sekoia.io/vicioustrap-...
Our new report describes one of the latest observed infection chains (delivering #AsyncRAT) relying on the #Cloudflare tunnel infrastructure and the attacker’s #TTPs with a principal focus on detection opportunities.
blog.sekoia.io/detecting-mu...
Since the apparition of the #Interlock ransomware, the Sekoia #TDR team observed its operators evolving, improving their toolset (#LummaStealer and #BerserkStealer), and leveraging new techniques such as #ClickFix to deploy the ransomware payload.
blog.sekoia.io/interlock-ra...
🎉 It's not about a CTI investigation or a Detection Engineering topic, but today we are happy to announce that Sekoia.io has raised €26m!
www.sekoia.io/en/presse/se...
Retrouvez moi toute la journée au Forum INCYBER Europe (#FIC2025) pour Sekoia.io ! Rendez-vous stand #A17 pour échanger !
🇰🇵 Sekoia #TDR team investigated a malicious campaign that employs fake job interview websites to deliver backdoors on Windows and macOS - #GolangGhost using #ClickFix tactic. Dubbed #ClickFake Interview, this campaign has been attributed to #Lazarus APT
blog.sekoia.io/clickfake-in...
The conclusion (part three) of our series on #DetectionEngineering is finally here! buff.ly/dijB0fy
#ClearFake variant is now spreading #Rhadamanthys Stealer via #Emmenhtal Loader.
cc @plebourhis.bsky.social @sekoia.io
1. ClearFake framework is injected on compromised WordPress and relies on EtherHiding
2. The #ClickFix lure uses a fake Cloudflare Turnstile with unusual web traffic
⬇️
Using our #honeypots, we uncovered an unreported #botnet that has been operational since at least the end of November 2023. This #PolarEdge botnet has been focusing on #edge devices, particularly those made by #Cisco, #Asus, #QNAP, and #Synology.
https://buff.ly/4ibOEo8
Cyber threats impacting the financial sector: focus on the main actors
We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.
https://buff.ly/3D3IZl7
🔍 Large-scale detection engineering: part two! 🚀
In this article, we explore an innovative approach that transforms the execution of automated actions via CI/CD pipelines, enabling effective scaling and alignment with developer and DevOps practices.
🚨To strengthen the #investigation and #detection capabilities of the Sekoia.io Threat Detection & Research (TDR) team, we are looking for a Senior Technical Threat Researcher!
www.welcometothejungle.com/fr/companies...
#CTI #DetectionEngineering
TDR analysts analysed the supply chain attack targeting Chrome browser extensions, which potentially affected hundreds of thousands of end users in December 2024.
https://buff.ly/4auQ0HN
