On a calm Friday afternoon, rumors of a new active threat starts hitting the various social network websites. Your CSIRT team starts checking the private channels they have with other CERTs and starts compiling a list of Indicators of Compromise…
Category: Sekoia.io Blog
A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats
Executive Summary Introduction Recent reports about the People’s Republic of China (PRC) cyber capabilities highlighted its important arsenal mobilising institutional and military actors, as well as private companies providing hack-for-hire services for governmental operations. These findings pointed out the complexity…
ClickFix tactic: Revenge of detection
This blog post provides an overview of the observed Clickfix clusters and suggests detection rules based on an analysis of the various infection methods employed. La publication suivante ClickFix tactic: Revenge of detection est un article de Sekoia.io Blog. This…
ClickFix tactic: The Phantom Meet
This blog post provides a chronological overview of the observed ClickFix campaigns. We further share technical details about a ClickFix cluster that uses fake Google Meet video conference pages to distribute infostealers. La publication suivante ClickFix tactic: The Phantom Meet…
Mastering SOC complexity: Optimizing access management with Sekoia Defend
In hybrid and outsourced SOC models, managing access for different stakeholders—including internal security teams, MSSP personnel, and other IT departments—can be complex. Even different teams than security ones may need access to specific data, such as network logs for infrastructure…
Mamba 2FA: A new contender in the AiTM phishing ecosystem
Discover Mamba 2FA, a previously unknown adversary-in-the-middle (AiTM) phishing kit, sold as phishing-as-a-service (PhaaS). La publication suivante Mamba 2FA: A new contender in the AiTM phishing ecosystem est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io…
Getting started with Detection-as-Code and Sekoia Platform
Whether you’re an MSSP looking to enhance client offerings or an internal SOC team striving for operational excellence, adopting Detection-as-Code can be a game-changer. Here’s why it matters. La publication suivante Getting started with Detection-as-Code and Sekoia Platform est un…
Hunting for IoCs: from singles searches to an automated and repeatable process
Understanding cyber threats and IoC (Indicators of Compromise) is crucial for protecting your organisation from cybercriminal activities. At Sekoia, we’ve embraced this by developing a comprehensive solution that combines Cyber Threat Intelligence (The Sekoia Intelligence product) with our detection platform,…
Bulbature, beneath the waves of GobRAT
Since mid 2023, Sekoia Threat Detection & Research team (TDR) investigated an infrastructure which controls compromised edge devices transformed into Operational Relay Boxes used to launch offensive cyber attack. La publication suivante Bulbature, beneath the waves of GobRAT est un…
Why it’s time to replace your legacy SIEM with a SOC platform
In today’s cybersecurity landscape, upgrading from legacy SIEM solutions to modern SOC platforms is no longer a question of if, but when. As we enter 2024, security teams must adapt to the increasingly complex threats they face, and relying on…