This blog post analyzes the PolarEdge backdoor and its associated botnet, offering insights into the adversary’s infrastructure. La publication suivante PolarEdge: Unveiling an uncovered IOT Botnet est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io Blog…
Category: Sekoia.io Blog
Cyber threats impacting the financial sector in 2024 – focus on the main actors
This report provides an overview of the main actors involved in malicious campaigns impacting the financial sector in 2024. It follows up on a previous Sekoia report focusing on the emerging trends in the financial cyber threat landscape. La publication…
Sekoia.io achieves ISO 27001 compliance
This article is also available in French here. Today, we are pleased to celebrate a major achievement for Sekoia.io with the attainment of the ISO/IEC 27001:2022 certification. In this blog post, we’ll explain the journey to this high-end certification. What…
RATatouille: Cooking Up Chaos in the I2P Kitchen
This article was originally distributed as a private FLINT report to our customers on 29 January 2025. Introduction During our daily tracking and analysis routine at TDR (Threat Detection & Research), we have been monitoring a technique known as ClickFix12.…
Detection engineering at scale: one step closer (part two)
In this article, we will build upon the previous discussion of our detection approach and associated challenges by detailing the regular and automated actions implemented through our CI/CD pipelines. La publication suivante Detection engineering at scale: one step closer (part…
Detection engineering at scale: one step closer (part two)
In this article, we will build upon the previous discussion of our detection approach and associated challenges by detailing the regular and automated actions implemented through our CI/CD pipelines. La publication suivante Detection engineering at scale: one step closer (part…
Targeted supply chain attack against Chrome browser extensions
On 26 December 2024, the data security company Cyberhaven informed its users about a compromise of their Chrome browser extension. The attacker exploited the extension developer’s permissions, which had been previously gained through a targeted phishing attack, to upload a…
Transition from IBM QRadar to Sekoia for a modern & rewarding experience
In this article, we’ll explore why making the switch from QRadar to Sekoia Defend is a rewarding experience and how Sekoia’s state-of-the-art platform offers unparalleled flexibility and power. La publication suivante Transition from IBM QRadar to Sekoia for a modern…
Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service
Introduction In December 2024, during our daily threat hunting routine, we uncovered a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts. These phishing pages have been circulating since at least October 2024, and during that period, we identified potential…
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
This report was originally published for our customers on 12 December 2024. Introduction On Wednesday, 27 November 2024, Russian President Putin was on a 2-day state visit in Kazakhstan to discuss with local representatives the implementation of energy projects and…