This blog post provides a chronological overview of the observed ClickFix campaigns. We further share technical details about a ClickFix cluster that uses fake Google Meet video conference pages to distribute infostealers. La publication suivante ClickFix tactic: The Phantom Meet…
Category: Sekoia.io Blog
Mastering SOC complexity: Optimizing access management with Sekoia Defend
In hybrid and outsourced SOC models, managing access for different stakeholders—including internal security teams, MSSP personnel, and other IT departments—can be complex. Even different teams than security ones may need access to specific data, such as network logs for infrastructure…
Mamba 2FA: A new contender in the AiTM phishing ecosystem
Discover Mamba 2FA, a previously unknown adversary-in-the-middle (AiTM) phishing kit, sold as phishing-as-a-service (PhaaS). La publication suivante Mamba 2FA: A new contender in the AiTM phishing ecosystem est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io…
Getting started with Detection-as-Code and Sekoia Platform
Whether you’re an MSSP looking to enhance client offerings or an internal SOC team striving for operational excellence, adopting Detection-as-Code can be a game-changer. Here’s why it matters. La publication suivante Getting started with Detection-as-Code and Sekoia Platform est un…
Hunting for IoCs: from singles searches to an automated and repeatable process
Understanding cyber threats and IoC (Indicators of Compromise) is crucial for protecting your organisation from cybercriminal activities. At Sekoia, we’ve embraced this by developing a comprehensive solution that combines Cyber Threat Intelligence (The Sekoia Intelligence product) with our detection platform,…
Bulbature, beneath the waves of GobRAT
Since mid 2023, Sekoia Threat Detection & Research team (TDR) investigated an infrastructure which controls compromised edge devices transformed into Operational Relay Boxes used to launch offensive cyber attack. La publication suivante Bulbature, beneath the waves of GobRAT est un…
Why it’s time to replace your legacy SIEM with a SOC platform
In today’s cybersecurity landscape, upgrading from legacy SIEM solutions to modern SOC platforms is no longer a question of if, but when. As we enter 2024, security teams must adapt to the increasingly complex threats they face, and relying on…
Hadooken and K4Spreader: The 8220 Gang’s Latest Arsenal
On 17 September 2024, Sekoia’s Threat Detection & Research (TDR) team identified a notable infection chain targeting both Windows and Linux systems through our Oracle WebLogic honeypot. The attacker exploited CVE-2017-10271 and CVE-2020-14883 Weblogic vulnerabilities to deploy Python and Bash…
Navigating the NIS2 Directive: Key insights for cybersecurity compliance and how Sekoia.io can help
To read the French version the article, click here. The European Union (EU) adopted a fundamental directive at the end of 2022 aimed at protecting critical sectors of the European economy from cyber threats. Directive (EU) 2022/2555, better known as…
SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites
Our investigation uncovered 25 kurdish websites compromised by four different variants of a malicious script, ranging from the simplest, which obtains the device’s location, to the most complex, which prompts selected users to install a malicious Android application. La publication…