This report was originally published for our customers on 12 December 2024. Introduction On Wednesday, 27 November 2024, Russian President Putin was on a 2-day state visit in Kazakhstan to discuss with local representatives the implementation of energy projects and…
Category: Sekoia.io Blog
Double-Tap Campaign : Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
This report was originally published for our customers on 12 December 2024. Introduction On Wednesday, 27 November 2024, Russian President Putin was on a 2-day state visit in Kazakhstan to discuss with local representatives the implementation of energy projects and…
PlugX worm disinfection campaign feedbacks
In September 2023, we successfully took ownership of one of the IP addresses used by the PlugX worm—a variant of PlugX associated with Mustang Panda, which possesses worming capabilities by infecting flash drives. Following this success, we studied the inner…
Happy YARA Christmas!
In the ever-evolving landscape of cybersecurity, effective threat detection is paramount. Since its creation, YARA stands out as a powerful tool created to identify and classify malware. Originally developed by Victor Alvarez of VirusTotal, YARA has become a vital tool…
Detection engineering at scale: one step closer (part one)
Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely from the sheer number of detection rules required to address a…
Detection engineering at scale: one step closer (part one)
Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely from the sheer number of detection rules required to address a…
The story behind Sekoia.io Custom Integrations
Since launching in 2017, Sekoia.io has made a name for itself with its groundbreaking vision in threat detection, leveraging advanced analytics and smart machine learning. But the journey does not end there! Sekoia.io is always growing and improving its services…
Implementing blocklists in the Sekoia SOC platform
On a calm Friday afternoon, rumors of a new active threat starts hitting the various social network websites. Your CSIRT team starts checking the private channels they have with other CERTs and starts compiling a list of Indicators of Compromise…
A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats
Executive Summary Introduction Recent reports about the People’s Republic of China (PRC) cyber capabilities highlighted its important arsenal mobilising institutional and military actors, as well as private companies providing hack-for-hire services for governmental operations. These findings pointed out the complexity…
ClickFix tactic: Revenge of detection
This blog post provides an overview of the observed Clickfix clusters and suggests detection rules based on an analysis of the various infection methods employed. La publication suivante ClickFix tactic: Revenge of detection est un article de Sekoia.io Blog. This…