Infection chains used by commodity malware are constantly evolving and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID and Qakbot are all often used as first-stage malicious code, allowing other more specific payloads to be…
Category: Sekoia.io Blog
Sekoia.io achieves PCI-DSS compliance
Sekoia.io is proud to announce that it has achieved the Payment Card Industry Data Security Standard (PCI-DSS) compliance at Level 1. PCI-DSS compliance is a rigorous set of security standards designed to safeguard credit card information and audited by an…
Revolutionize your security strategy: Introducing automatic asset discovery
Introduction In the rapidly evolving cybersecurity landscape, staying ahead of potential threats requires a robust and comprehensive approach to managing IT assets. We are pleased to announce the beta release of our newest feature, Asset Discovery, which is designed to…
Unmasking the latest trends of the Financial Cyber Threat Landscape
This report aims at depicting recent trends in cyber threats impacting the financial sector worldwide. It focuses on principal tactics, techniques and procedures used by lucrative and state-sponsored intrusion sets by providing an analysis of evolutions observed in campaigns against…
DarkGate Internals
Introduction & Objectives DarkGate is sold as Malware-as-a-Service (MaaS) on various cybercrime forums by RastaFarEye persona, in the past months it has been used by multiple threat actors such as TA577 and Ducktail. DarkGate is a loader with RAT capabilities…
Unveiling the power of the new Query Builder in Sekoia SOC Platform
Introduction The Query Builder is designed to simplify data exploration and enhance threat detection capabilities. This feature empowers Security Operations Center (SOC) teams to explore their data through an intuitive interface, enabling structured queries and insightful data aggregation for threat…
Game Over: gaming community at risk with information stealers
This report was originally published for our customers on 26 October 2023. The world of online gaming, a thriving global community of millions, has become an enticing target for malicious actors seeking to exploit related vulnerabilities. In their engagement with…
Game Over: gaming community at risk with information stealers
This report was originally published for our customers on 26 October 2023. The world of online gaming, a thriving global community of millions, has become an enticing target for malicious actors seeking to exploit related vulnerabilities. In their engagement with…
AridViper, an intrusion set allegedly associated with Hamas
Given the recent events involving the Palestinian politico-military organisation Hamas which conducted on 7 October 2023 a military and terrorist operation in Israel, Sekoia.io took a deeper look into AridViper, an intrusion set suspected to be associated with Hamas. La…