In this article, we’ll explore why making the switch from QRadar to Sekoia Defend is a rewarding experience and how Sekoia’s state-of-the-art platform offers unparalleled flexibility and power. La publication suivante Transition from IBM QRadar to Sekoia for a modern…
Category: Sekoia.io Blog
Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service
Introduction In December 2024, during our daily threat hunting routine, we uncovered a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts. These phishing pages have been circulating since at least October 2024, and during that period, we identified potential…
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
This report was originally published for our customers on 12 December 2024. Introduction On Wednesday, 27 November 2024, Russian President Putin was on a 2-day state visit in Kazakhstan to discuss with local representatives the implementation of energy projects and…
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
This report was originally published for our customers on 12 December 2024. Introduction On Wednesday, 27 November 2024, Russian President Putin was on a 2-day state visit in Kazakhstan to discuss with local representatives the implementation of energy projects and…
Double-Tap Campaign : Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
This report was originally published for our customers on 12 December 2024. Introduction On Wednesday, 27 November 2024, Russian President Putin was on a 2-day state visit in Kazakhstan to discuss with local representatives the implementation of energy projects and…
PlugX worm disinfection campaign feedbacks
In September 2023, we successfully took ownership of one of the IP addresses used by the PlugX worm—a variant of PlugX associated with Mustang Panda, which possesses worming capabilities by infecting flash drives. Following this success, we studied the inner…
Happy YARA Christmas!
In the ever-evolving landscape of cybersecurity, effective threat detection is paramount. Since its creation, YARA stands out as a powerful tool created to identify and classify malware. Originally developed by Victor Alvarez of VirusTotal, YARA has become a vital tool…
Detection engineering at scale: one step closer (part one)
Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely from the sheer number of detection rules required to address a…
Detection engineering at scale: one step closer (part one)
Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely from the sheer number of detection rules required to address a…
The story behind Sekoia.io Custom Integrations
Since launching in 2017, Sekoia.io has made a name for itself with its groundbreaking vision in threat detection, leveraging advanced analytics and smart machine learning. But the journey does not end there! Sekoia.io is always growing and improving its services…