Learn how Sekoia.io stay ahead of the curve with sophisticated detection engineering strategies and proactive threat anticipation.| Sekoia.io Blog
Explore the 2025 landscape of Adversary-in-the-Middle phishing threats with data, trends, and top detection insights.
Detect the ClickFix tactic: a social engineering technique using fake video calls and CAPTCHA pages to deploy malicious code.
Sekoia.io builds a CTI (cyber threat intelligence) that aims to be operationalized into detection and hunting activities.
This article shows how automation can reduce cybersecurity risks. Read and discover how you can reduce cyber-risks.
Discover how the Tactics, Techniques and Procedures (TTPs) used by APT27 (Lucky Mouse) are detected using Sekoia.io.
About us This blog is your trusted source for cutting-edge insights in CTI and SOC. Curated by the Threat Detection & Research team and other experts at Sekoia.io, it is dedicated to empowering cybersecurity professionals, researchers, and enthusiasts with actionable intelligence and industry-leading expertise. Our mission is simple: to keep you informed, prepared, and empowered […]
Enhance your security with Detection-as-Code (DaC). Discover the benefits of code-driven threat detection for MSSPs and SOC teams.
Discover how SSDPs are transforming SOCs and boosting MSSP activities into MDR and now MXDR services, transforming security service delivery.
Our TDR team has been investigating the WebDAV infrastructure used to distribute the Emmenhtal loader. Here are some key insights:
Sekoia.io helps companies protect their cloud perimeters (AWS, Google Cloud, Azure). Enhance your cloud security with our built-in rules!
Uncover an in-depth analysis of PikaBot, a malware loader used by Initial Access Brokers for network compromise and ransomware deployment.
In 2024, EDR and XDR are merging, with platforms now covering endpoints, networks, cloud, and email to combat threats. This article explores their roles, differences, and the importance of managed security services in enhancing cybersecurity.
Uncover an in-depth analysis of FakeBat: activities of the FakeBat operators, undocumented campaigns, and C2 infrastructure.
Analyse the ClickFix tactic and related campaigns. Uncover a ClickFix campaign impersonating Google Meet and cybercrime infrastructure.
How can we provide Sekoia.io XDR's users with more than 500 detection rules to overcome the limitations of SIEM technology?
The global shift towards cloud computing is undeniable. According to Statista, the worldwide public cloud computing market continues to grow and is expected to reach an estimated 679 billion...
This blog post deals with the different products of Microsoft Defender Antivirus and also reports on the detection engineering around MDAV.
This report explores current trends in the AitM phishing landscape and the prevalence of leading kits. The post Global analysis of Adversary-in-the-Middle phishing threats is an article from Sekoia.io Blog.
As the cyber threat landscape evolves and the digital landscape changes, regulatory frameworks continue to emerge, aiming to bolster the security posture of organisations, particularly in the financial sector. One such regulation is the Digital Operational Resilience Act (DORA), effective since January 2025, which sets stringent security requirements for financial entities operating within the European […] The post Navigating DORA: How Sekoia.io can support your compliance jo...
Analysis of the CVE-2025-32432 compromise chain by Mimo: exploitation, loader, crypto miner, proxyware, and detection opportunities.
Discover ViciousTrap, a newly identified threat that is turning edge devices into honeypots en masse, targeting
Enhance your security with IoCs. Discover how they identify threats in your logs and strengthen your overall security posture effectively.
During our daily tracking and analysis routine at the Sekoia TDR team (Threat Detection & Research), we have been monitoring an attacker infrastructure internally called “Cloudflare tunnel infrastructure to deliver multiple RATs”. This infrastructure is used by several actors to host malicious files and deliver remote access trojans (RATs). Several security vendors (Forcepoint, Fortinet, Orange, Proofpoint) […] The post Detecting Multi-Stage Infection Chains Madness is a...
Introduction Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. Interlock cannot be classified as a “Ransomware-as-a-Service” (RaaS) group, as no advertisements for recruiting affiliates or information about affiliates have been found as of March 2025. Like many other ransomware groups, Interlock has a […] The post Interlock ransomware evolving under the radar is an article from Sekoia.io Blog.
Explore the impact of Agentic AI in SOC operations and how it boosts efficiency and effectiveness for SOC teams.
Explore a use-case scenario demonstrating how to detect Scattered Spider attacks in AWS environments and enhance your cloud security.
Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.
ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through the drive-by download technique. When it first emerged in July 2023, the injected code was designed to display a fake web browser download page, tricking users into downloading counterfeit browser updates. By May 2024, ClearFake adopted the new social engineering tactic ClickFix, displaying fake error messages in the web browser and deceiving users into copying and executing a given mali...
Discover the power of detection engineering and how it can help scale your cybersecurity projects efficiently.
Discover PolarEdge, a newly identified botnet targeting edge devices via CVE-2023-20118, using a stealthy TLS backdoor.
Delve into finance-related cyber threats in 2024. Our report highlights major actors and tactics impacting the financial sector.
Discover in this article all the new features of the Sekoia.io XDR and CTI platform (SIGMA, design and MITRE ATT&CK).
Discover the challenges of ClickFix and the newly identified I2PRAT. Uncover the advanced techniques employed by this multi-stage RAT.
In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.
In this blog post, learn about Sneaky 2FA, a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts.
Discover daily YARA usage at Sekoia.io TDR. Learn how YARA rules identify threats and aid in investigations and DFIR engagements.
Discover how Sekoia.io addresses SOC and Detection Engineering challenges with innovative continuous monitoring and review approaches.
Experience the creativity and teamwork behind Sekoia.io Custom Integrations. Go behind the scenes of our traditional hackathon.
Sekoia.io analysts further investigated Bluenoroff’s infrastructure and share their findings in this report.
On a calm Friday afternoon, rumors of a new active threat start hitting the various social network websites. Your CSIRT team starts checking the private channels they have with other CERTs and starts compiling a list of Indicators of Compromise (IoCs). After careful consideration, they decide to block all communications with these IoCs on the […]
XDRs are the solutions of choice for fighting ransomware threats and stopping attacks before impact...
Discover how new cybersecurity tools can revolutionize SOC operations. Boost efficiency and stay ahead of cyber threats with integrated solutions.
Stealc infostealer is another fully featured infostealer sold as MaaS, which emerged on underground forums in early 2023.
Learn about the transformation happening in the cybersecurity market and the benefits of migrating to SaaS-based platforms.
Uncover the details of the DoppelGänger campaign, a Russian influence operation aimed at undermining support for Ukraine.
Learn about the main log sources for AWS and the relevant events defenders can use to improve detection capabilities against attackers.
Tycoon 2FA has become one of the most widespread Adversary-in-the-Middle (AiTM) phishing kits over the last few months.
Learn about NoName057(16), a pro-Russian hacktivist group behind Project DDoSia targeting entities supporting Ukraine. Discover an overview of the changes made by the group, both in the software the group shares to generate DDoS attacks and in the evolution of its C2 servers. The report also provides an overview of the countries and sectors targeted by the group in 2024.
Since September 2022, the Aurora malware has been advertised as an infostealer, and several traffer teams have announced they added it to their malware toolset.
Discover our TDR team's revelations about Predator spyware: its C2 infrastructure and the list of countries still using its cyber espionage tool.
Discover the tactics, techniques and procedures (TTPs) used by the Scattered Spider intrusion set, including social engineering and targeted phishing campaigns.
Explore how the Endpoint Agent differs from EDR and collects events to forward logs to Sekoia XDR for in-depth analysis against detection rules.
Sekoia.io C2 Trackers identified more than 85,000 IP addresses used as C2 servers in 2023, an increase of more than 30% compared to 2022.
Discover the importance of IAM event detection and why it's vital to protecting digital assets from cyber threats.
This article sheds light on one of the infrastructure clusters employed by Lycantrox, potentially to compromise their targets.
PrivateLoader is a downloader malware family. It is used as part of a PPI service to deliver payloads of multiple malware families.
Traffers are responsible for redirecting user traffic to malicious content (malware, fraud, phishing, scam) exploited by other threat actors.
On June 10, 2022, SEKOIA.IO analysts stumbled upon active servers hosting a web page named “Raccoon Stealer 2.0”. Discover their research.