François Deruty (@derutyf) 's Twitter Profile
François Deruty

@derutyf

threat intelligence at sekoia.io / former head of cert-fr

@derutyf.bksy.social

ID: 731506990623666176

https://blog.sekoia.io 14-05-2016 15:30:32

410 Tweet

369 Followers

544 Following

Sekoia.io (@sekoia_io)

🔍 Large-scale #DetectionEngineering: part two! 🚀 In this article, we explore an innovative approach that transforms the execution of automated actions via CI/CD pipelines, enabling effective scaling and alignment with developer and DevOps practices. blog.sekoia.io/detection-engi…

Sekoia.io (@sekoia_io)

🐭 RATatouille: Cooking Up Chaos in the I2P Kitchen 🔍 Our Threat Detection & Research (TDR) team has been analyzing a sophisticated new malware, #I2PRAT, featured in our latest FLINT report - now available in our blog! blog.sekoia.io/ratatouille-co…

Virus Bulletin (@virusbtn)

A recent report by Livia Tibirna, Coline Chavane and Sekoia TDR provides an overview of the main actors involved in malicious campaigns impacting the financial sector in 2024. blog.sekoia.io/cyber-threats-…

Sekoia.io (@sekoia_io)

Cyber threats impacting the financial sector: focus on the main actors We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024. blog.sekoia.io/cyber-threats-…

Sekoia.io (@sekoia_io)

Using our #honeypots, we uncovered an unreported #botnet that has been operational since at least the end of November 2023. This #PolarEdge botnet has been focusing on #edge devices, particularly those made by #Cisco, #Asus, #QNAP, and #Synology. blog.sekoia.io/polaredge-unve…

LCP (@lcp)

More than 250 cyberattacks were recorded in French hospitals in 2023. 👉 Elizabeth Martichoux hosts François Deruty, a cyber risk specialist 💻 #EtatdeSanté, available at: bit.ly/4kadxSM

Virus Bulletin (@virusbtn)

Sekoia's TDR researchers provide a technical analysis of ClearFake’s recent variant, focusing primarily on the interactions with the Binance Smart Chain introduced in its latest version. blog.sekoia.io/clearfakes-new…

Sekoia.io (@sekoia_io)

TDR analysts published an analysis of the new #ClearFake variant that relies on compromised websites injected with the malicious JavaScript framework, the #EtherHiding technique, and the #ClickFix social engineering tactic. blog.sekoia.io/clearfakes-new…

crep1x (@crep1x)

Here is our in-depth analysis of the latest #ClearFake variant using the Binance Smart Chain and two new ClickFix lures. ClearFake is injected into thousands of compromised sites to distribute the #Emmental Loader, #Lumma, #Rhadamanthys, and #Vidar. ⬇️ x.com/sekoia_io/stat…

Sekoia.io (@sekoia_io)

🇰🇵 Sekoia #TDR team investigated a malicious campaign that employs fake job interview websites to deliver backdoors on Windows and macOS - #GolangGhost using #ClickFix tactic. Dubbed #ClickFake Interview, this campaign has been attributed to #Lazarus APT blog.sekoia.io/clickfake-inte…

Virus Bulletin (@virusbtn)

Sekoia researchers discovered a ClickFake Interview campaign targeting job seekers with fake job interview sites. The infrastructure aligns with technical indicators linked to the Contagious Interview campaign & delivers GolangGhost for Windows & macOS. blog.sekoia.io/clickfake-inte…

780th Military Intelligence Brigade (Cyber) (@780thc)

In March 2025, Bybit, a UAE-based crypto exchange platform, was targeted by Lazarus, a state-sponsored intrusion set attributed to the Democratic People’s Republic of Korea (DPRK) | blog.sekoia.io/clickfake-inte… Sekoia.io

Sekoia.io (@sekoia_io)

🎉 It's not about a CTI investigation or a Detection Engineering topic, but today we are happy to announce that Sekoia.io has raised €26m! sekoia.io/en/presse/seko…

Sekoia.io (@sekoia_io)

Since the apparition of the #Interlock ransomware, the Sekoia #TDR team observed its operators evolving, improving their toolset (#LummaStealer #BerserkStealer), and leveraging new techniques such as #ClickFix to deploy the ransomware payload. blog.sekoia.io/interlock-rans…

Sekoia.io (@sekoia_io)

Our new report describes one of the latest observed infection chains (delivering #AsyncRAT) relying on the #Cloudflare tunnel infrastructure and the attacker’s #TTPs with a principal focus on detection opportunities. blog.sekoia.io/detecting-mult…

Félix Aimé (@felixaime)

Excited to see this paper finally published! Meet #ViciousTrap, a threat actor compromising and turning edge devices into honeypots! blog.sekoia.io/vicioustrap-in…

Virus Bulletin (@virusbtn)

Jeremy Scion, Pierre Le Bourhis & Sekoia TDR present an analysis of the compromise chain initiated by the exploitation of CVE-2025-32432. The exploitation occurred in a CMS honeypot and led to a loader, a crypto miner, and a residential proxyware. blog.sekoia.io/the-sharp-tast…

Sekoia.io (@sekoia_io)

📝 Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem. This report shares actionable intelligence to help analysts detect and investigate AitM phishing.

crep1x (@crep1x)

We are excited to share our latest blogpost on AitM phishing threats - covering common TTPs, the PhaaS ecosystem, the most widespread kits, and multiple detection opportunities! x.com/sekoia_io/stat… w/ Grégoire Clermont