Sekoia.io
LightNews LightNews
banner
sekoia.io
Sekoia.io
@sekoia.io
440 followers 38 following 100 posts
A #SOCplatform boosted by #AI and #threatintelligence, combining #SIEM, #SOAR, #Automation in a single solution. Used by End-users, MSSP and APIs
Posts Replies Media Videos
Pinned
sekoia.io
Sekoia.io @sekoia.io · Oct 2
📱 Silent Smishing: The Hidden Abuse of Cellular Router APIs

Our latest #CTI investigation from Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale.

blog.sekoia.io/silent-smish...
sekoia.io
🎅 Check out the first three episodes of our special Advent of Configuration Extraction
Part 1: buff.ly/mpEzALh
Part 2: buff.ly/agWWCnp
Part3: buff.ly/Crz8rDh

🎄 Last part following Monday! 🎄
December 15, 2025 at 1:54 PM
sekoia.io
🇷🇺 French NGO Reporters Without Borders targeted by #Calisto in recent campaign

Sekoia #TDR analysed a recent #Calisto (aka #ColdRiver #Star Blizzard) spear-phishing campaign aimed at Reporters sans frontières and other #Ukraine-supporting organisations.

blog.sekoia.io/ngo-reporter...
December 4, 2025 at 8:26 AM
Reposted by Sekoia.io
herve-schauer.bsky.social
Histoire et dissection du 𝑚𝑎𝑙𝑤𝑎𝑟𝑒 ou chargeur malveillant 🇷🇺 #Latrodectus par Pierre Le Bourhis @sekoia.io à #UYBHYS25
@uybhys.bsky.social
November 8, 2025 at 3:36 PM
sekoia.io
#TDR analysts dig into a modus operandi targeting the hospitality industry and the related cybercrime ecosystem that facilitates #phishing and #fraud campaigns.

blog.sekoia.io/phishing-cam...
November 6, 2025 at 10:27 AM
sekoia.io
Discover how #TransparentTribe (#APT36) uses a disguised DESKTOP dropper to deploy #DeskRAT, a Golang RAT, on BOSS Linux endpoints in India.

Our Sekoia #TDR report breaks down the full infection chain and stealthy WebSocket C2 communications .

Read more 👉 blog.sekoia.io/transparentt...
October 23, 2025 at 7:49 AM
sekoia.io
Our latest technical deep-dive unravels the mystery behind the opaque numeric codes (16, 272, 33554432, etc.) you see in #Microsoft365 audit logs.

blog.sekoia.io/userauthenti...
October 21, 2025 at 9:14 AM
sekoia.io
After our initial #PolarEdge #botnet write-up, we’re happy to announce the second part: “Defrosting PolarEdge’s Backdoor,” a full technical deep-dive into its TLS-based implant.

blog.sekoia.io/polaredge-ba...
October 14, 2025 at 1:35 PM
Reposted by Sekoia.io
caproni.fr
Je recherche un Threat Researcher pour l’équipe TDR de @sekoia.io !

Vous aimez faire des règles #Sigma et #Yara ? Vous adorez pivoter et traquer les infrastructures (C2) d’attaques des cybercriminels ?

Alors cette offre d’emploi est faite pour vous !

www.welcometothejungle.com/en/companies...
Technical Threat Researcher – Sekoia.io – Permanent contract – Fully-remote
Sekoia.io is looking for a Technical Threat Researcher!
www.welcometothejungle.com
October 6, 2025 at 5:26 PM
sekoia.io
📱 Silent Smishing: The Hidden Abuse of Cellular Router APIs

Our latest #CTI investigation from Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale.

blog.sekoia.io/silent-smish...
October 2, 2025 at 1:56 PM
sekoia.io
🐻 #APT28 – Operation Phantom Net Voxel: deep-dive into the latest spear-phishing campaign targeting Ukrainian military administrative staff.

blog.sekoia.io/apt28-operat...
September 16, 2025 at 12:59 PM
sekoia.io
[Threat investigation alert 🚨] Predators for Hire: A Global Overview of Commercial Surveillance Vendors

➡️ blog.sekoia.io/predators-fo...
September 2, 2025 at 9:55 AM
sekoia.io
🔥 Hot summer, sizzling crypto... and scammers turning up the heat 🔥

Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.
July 21, 2025 at 2:40 PM
sekoia.io
A few weeks ago, we published our global analysis of Adversary-in-the-Middle #phishing threats, providing actionable intelligence on multiple #AitM phishing kits.

This report includes 11 sheets covering the most widespread #AitM phishing kits as of Q1 2025.
July 8, 2025 at 7:53 AM
sekoia.io
📝 Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem.

This report shares actionable intelligence to help analysts detect and investigate AitM phishing.
June 11, 2025 at 8:32 AM
sekoia.io
🧀 The Sharp Taste of #Mimo’lette: Analyzing Mimo’s Latest Campaign targeting #Craft CMS

blog.sekoia.io/the-sharp-ta...
The Sharp Taste of Mimo'lette: Analyzing Mimo’s Latest Campaign targeting Craft CMS
Analysis of the CVE-2025-32432 compromise chain by Mimo: exploitation, loader, crypto miner, proxyware, and detection opportunities.
blog.sekoia.io
May 27, 2025 at 1:16 PM
sekoia.io
🪤 Sekoia #TDR's new exclusive research uncovers the #ViciousTrap, a honeypot network deployed on compromised edge devices.

blog.sekoia.io/vicioustrap-...
ViciousTrap - Infiltrate, Control, Lure: Turning edge devices into honeypots en masse.
Discover ViciousTrap, a newly identified threat who turning edge devices into honeypots en masse targeting
blog.sekoia.io
May 22, 2025 at 2:17 PM
sekoia.io
Our new report describes one of the latest observed infection chains (delivering #AsyncRAT) relying on the #Cloudflare tunnel infrastructure and the attacker’s #TTPs with a principal focus on detection opportunities.

blog.sekoia.io/detecting-mu...
April 23, 2025 at 8:33 AM
sekoia.io
Since the apparition of the #Interlock ransomware, the Sekoia #TDR team observed its operators evolving, improving their toolset (#LummaStealer and #BerserkStealer), and leveraging new techniques such as #ClickFix to deploy the ransomware payload.

blog.sekoia.io/interlock-ra...
April 16, 2025 at 9:13 AM
sekoia.io
🎉 It's not about a CTI investigation or a Detection Engineering topic, but today we are happy to announce that Sekoia.io has raised €26m!
www.sekoia.io/en/presse/se...
April 9, 2025 at 1:16 PM
sekoia.io
🇰🇵 Sekoia #TDR team investigated a malicious campaign that employs fake job interview websites to deliver backdoors on Windows and macOS - #GolangGhost using #ClickFix tactic. Dubbed #ClickFake Interview, this campaign has been attributed to #Lazarus APT

blog.sekoia.io/clickfake-in...
March 31, 2025 at 9:27 AM
Reposted by Sekoia.io
sekoia.io
TDR analysts published an analysis of the new #ClearFake variant that relies on compromised websites injected with the malicious JavaScript framework, the #EtherHiding technique, and the #ClickFix social engineering tactic.

buff.ly/vbiVbsN
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
ClearFake spreads malware via compromised websites, using fake CAPTCHAs, JavaScript injections, and drive-by downloads.
blog.sekoia.io
March 19, 2025 at 1:28 PM
sekoia.io
TDR analysts published an analysis of the new #ClearFake variant that relies on compromised websites injected with the malicious JavaScript framework, the #EtherHiding technique, and the #ClickFix social engineering tactic.

buff.ly/vbiVbsN
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
ClearFake spreads malware via compromised websites, using fake CAPTCHAs, JavaScript injections, and drive-by downloads.
blog.sekoia.io
March 19, 2025 at 1:28 PM
sekoia.io
The conclusion (part three) of our series on #DetectionEngineering is finally here! buff.ly/dijB0fy
March 10, 2025 at 4:48 PM
sekoia.io
Using our #honeypots, we uncovered an unreported #botnet that has been operational since at least the end of November 2023. This #PolarEdge botnet has been focusing on #edge devices, particularly those made by #Cisco, #Asus, #QNAP, and #Synology.

https://buff.ly/4ibOEo8
February 25, 2025 at 1:22 PM
sekoia.io
Cyber threats impacting the financial sector: focus on the main actors

We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.

https://buff.ly/3D3IZl7
February 24, 2025 at 9:27 AM