
Posts by François Deruty

New widespread EvilTokens kit: device code phishing as-a-service - Part 1 Uncover the new sophisticated EvilTokens device code phishing as-a-service, with AI-augmented features facilitating BEC fraud

Eviltokens ⤵️

blog.sekoia.io/new-widespre...

blog.sekoia.io/eviltokens-a...

1 week ago
Silver Fox: The Only Tax Audit Where the Fine Print Installs Malware Track the 2025-2026 shift of China-based Silver Fox from financial crime to APT espionage. Discover how they exploit tax-themed phishing and RMM tools to target South Asian entities.

Silver fox⤵️

blog.sekoia.io/silver-fox-t...

3 weeks ago
OysterLoader Unmasked: The Multi-Stage Evasion Loader Unmasking OysterLoader's evasion: from API hammering to custom LZMA. Explore the 4-stage infection chain and its ties to Rhysida ransomware.

OysterLoader ⤵️

blog.sekoia.io/oysterloader...

2 months ago
Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tactic Uncover IClickFix: a malicious framework exploiting the ClickFix tactic in widespread malware campaigns to deliver NetSupport RAT.

IClickfix ⤵️

blog.sekoia.io/meet-iclickf...

2 months ago
Leveraging Landlock telemetry for Linux detection engineering This blog post explores how Landlock is both an interesting security mechanism and a valuable source of telemetry for detection engineering.

Leveraging Landlock telemetry for Linux detection engineering ⤵️

blog.sekoia.io/leveraging-l...

3 months ago
Phishing Campaigns "I Paid Twice" Targeting Booking.com Hotels and Customers Sekoia.io exposes a Booking.com phishing campaign targeting hotels and customers using ClickFix and PureRAT malware.

"I paid twice" ⤵️

blog.sekoia.io/phishing-cam...

5 months ago
TransparentTribe targets Indian military organisations with DeskRAT TransparentTribe targets Indian military entities using DeskRAT, a Golang-based remote access Trojan. Learn how this new campaign works.

TransparentTribe⤵️

blog.sekoia.io/transparentt...

5 months ago
APT28 Operation Phantom Net Voxel APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.

APT28⤵️

blog.sekoia.io/apt28-operat...

7 months ago
Predators for Hire: A Global Overview of Commercial Surveillance Vendors Explore the 2025 landscape of Adversary-in-the-Middle phishing threats with data, trends, and top detection insights.

Predators for hire ⤵️

blog.sekoia.io/predators-fo...

7 months ago
Exploiting Vulnerabilities Using AI at Machine Speed, the Alarming Number of Unpatched Devices, and Anticipating How Adversaries Think Sekoia.io on collaborating with Europol, dynamic behavior modelling for Gen AI threats, and pooling CTI from various sources

TechNadu interviewed François Deruty (@derutyf.bsky.social), Chief Intelligence Officer of @sekoia.io, to get answers about innovations observed in cybercrime operations, challenges faced by CIOs, and adjustments to intelligence programs.

Read the interview⤵️

#AI #Cybersecurity #GenerativeAI #CTI

9 months ago

📝 Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem.

This report shares actionable intelligence to help analysts detect and investigate AitM phishing.

10 months ago
ViciousTrap - Infiltrate, Control, Lure: Turning edge devices into honeypots en masse. Discover ViciousTrap, a newly identified threat that is turning edge devices into honeypots en masse, targeting

Vicious trapèze ⤵️

blog.sekoia.io/vicioustrap-...

10 months ago
Interlock ransomware evolving under the radar ClickFix ransomware attack uses deceptive prompts and PowerShell loaders to deploy threats like Interlock under the radar.

Interlock⤵️

blog.sekoia.io/interlock-ra...

1 year ago
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.

Clickfake ⤵️

blog.sekoia.io/clickfake-in...

1 year ago
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery ClearFake spreads malware via compromised websites, using fake CAPTCHAs, JavaScript injections, and drive-by downloads.

Clearfake ⤵️

blog.sekoia.io/clearfakes-n...

1 year ago
PolarEdge: Unveiling an uncovered ORB network Discover PolarEdge, a newly identified botnet targeting edge devices via CVE-2023-20118, using a stealthy TLS backdoor.

PolarEdge ⤵️

blog.sekoia.io/polaredge-un...

1 year ago

Cyber threats impacting the financial sector: focus on the main actors

We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.

https://buff.ly/3D3IZl7

1 year ago
Cyber threats impacting the financial sector in 2024 - focus on the main actors Delve into Finance-related cyber threats in 2024. Our report highlights major actors and tactics impacting the financial sector.

Cyber threats against financial sector⤵️

blog.sekoia.io/cyber-threat...

1 year ago
RATatouille: Cooking Up Chaos in the I2P Kitchen Discover the challenges of ClickFix and the newly identified I2PRAT. Uncover the advanced techniques employed by this multi-stage RAT.

New paper⤵️

blog.sekoia.io/ratatouille-...

1 year ago
Detection engineering at scale: one step closer (part two) Discover the power of detection engineering and how it can help scale your cybersecurity projects efficiently.

Detection part two⤵️

blog.sekoia.io/detection-en...

1 year ago
Sr Technical Threat Researcher - Sekoia.io - permanent contract (CDI) - fully remote Sekoia.io is hiring a Sr Technical Threat Researcher!

🚨To strengthen the #investigation and #detection capabilities of the Sekoia.io Threat Detection & Research (TDR) team, we are looking for a Senior Technical Threat Researcher!

www.welcometothejungle.com/fr/companies...

#CTI #DetectionEngineering

1 year ago
Sr Technical Threat Researcher - Sekoia.io - permanent contract (CDI) - fully remote Sekoia.io is hiring a Sr Technical Threat Researcher!

If you are passionate about cyber threat intelligence, this offer is for you! ⤵️

www.welcometothejungle.com/fr/companies...

1 year ago
Targeted supply chain attack against Chrome browser extensions In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.

New campaign ⤵️

blog.sekoia.io/targeted-sup...

1 year ago

Around 1,000 malicious domains are hosting webpages impersonating Reddit and WeTransfer, redirecting users to download password-protected archives

These archives contain an AutoIT dropper, we internally named #SelfAU3 Dropper at @sekoia.io, which executes #Lumma Stealer

IoCs ⬇️

1 year ago
Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service In this blog post, learn about Sneaky 2FA, a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts.

New AiTM phishing as a service ⤵️

blog.sekoia.io/sneaky-2fa-e...

1 year ago
FBI deletes Chinese PlugX malware from thousands of US computers The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States.

FBI deletes Chinese PlugX malware from thousands of US computers

1 year ago
DOJ deletes China-linked PlugX malware off more than 4,200 US computers U.S. law enforcement accused the People’s Republic of China of paying hackers that are part of a well-known group called Mustang Panda to deploy the PlugX malware — which allows them to “infect, contro...

The DOJ worked with French authorities and Sekoia.io to remove PlugX malware from thousands of devices around the world

therecord.media/doj-deletes-...

1 year ago
Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers The Justice Department and FBI today announced a multi-month law enforcement operation that, alongside international partners, deleted “PlugX” malware from thousands of infected computers worldwide. A...

International cooperation, proud of TDR team from @sekoia.io ⤵️

www.justice.gov/opa/pr/justi...

1 year ago

🇷🇺 #DoubleTap Campaign: #Russia-nexus APT possibly related to #APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations

https://buff.ly/3WEwPG7

1 year ago
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations Uncover the details of the UAC-0063 cyberespionage campaign in Kazakhstan and its potential connection to APT28

Double-tap campaign ⤵️

blog.sekoia.io/double-tap-c...

1 year ago