Introduction Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. Interlock cannot be classified as a “Ransomware-as-a-Service” (RaaS) group, as no advertisements for recruiting affiliates or information about affiliates…
Category: Sekoia.io Blog
The evolution of the AI SOC: From Hype to Hyper
At CES in January 2025, Nvidia CEO Jenson Huang stood before the audience and described the direction of travel in Artificial Intelligence; The Sekoia platform has always been at the bleeding edge of each AI wave, empowering SOC teams to…
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
This post was originally distributed as a private FLINT report to our customers on 21 March 2025. Introduction In March 2025, Bybit, an UAE-based crypto exchange platform, was targeted by Lazarus, a state-sponsored intrusion set attributed to the Democratic People’s…
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
This post was originally distributed as a private FLINT report to our customers on 21 March 2025. Introduction In March 2025, Bybit, an UAE-based crypto exchange platform, was targeted by Lazarus, a state-sponsored intrusion set attributed to the Democratic People’s…
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through the drive-by download technique. When it first emerged in July 2023, the injected code was designed to display a fake web browser download page, tricking users…
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
Introduction ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through the drive-by download technique. When it first emerged in July 2023, the injected code was designed to display a fake web browser download page, tricking…
Detection engineering at scale: one step closer (part three)
Following our first article explaining our detection approach and associated challenges, the second one detailing the regular and automated actions implemented through our CI/CD pipelines, we will now conclude this series by presenting the continuous improvement loop that allows us…
Detection engineering at scale: one step closer (part three)
Following our first article explaining our detection approach and associated challenges, the second one detailing the regular and automated actions implemented through our CI/CD pipelines, we will now conclude this series by presenting the continuous improvement loop that allows us…
PolarEdge: Unveiling an uncovered ORB network
This blog post analyzes the PolarEdge backdoor and its associated botnet, offering insights into the adversary’s infrastructure. La publication suivante PolarEdge: Unveiling an uncovered ORB network est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io Blog…
PolarEdge: Unveiling an uncovered ORB network
This blog post analyzes the PolarEdge backdoor and its associated botnet, offering insights into the adversary’s infrastructure. La publication suivante PolarEdge: Unveiling an uncovered ORB network est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io Blog…