This blog post provides an overview of the observed Clickfix clusters and suggests detection rules based on an analysis of the various infection methods employed.
This blog post provides a chronological overview of the observed ClickFix campaigns. We further share technical details about a ClickFix cluster that uses fake Google Meet video conference pages to distribute infostealers.
Discover Mamba 2FA, a previously unknown adversary-in-the-middle (AiTM) phishing kit, sold as phishing-as-a-service (PhaaS).
Since mid 2023, Sekoia Threat Detection & Research team (TDR) investigated an infrastructure which controls compromised edge devices transformed into Operational Relay Boxes used to launch offensive cyber attack.
On 17 September 2024, Sekoia’s Threat Detection & Research (TDR) team identified a notable infection chain targeting both Windows and Linux systems through our Oracle WebLogic honeypot. The attacker exploited CVE-2017-10271 and CVE-2020-14883 Weblogic...
Our investigation uncovered 25 kurdish websites compromised by four different variants of a malicious script, ranging from the simplest, which obtains the device's location, to the most complex, which prompts selected users to install...
This blogpost examines the use of WebDAV technology in hosting malicious files related to the Emmenhtal loader, then analyses the various final payloads delivered through this infrastructure, and concludes by exploring the possibility that...
Anticipating Paris 2024 Olympics cyber threats, Sekoia.io has conducted over July and August 2024 a proactive hunting of Olympics-typosquatted domains registered by malicious actors – cybercrime related and possibly APT campaigns – in order...
Executive Summary Introduction 2024 marks a pivotal moment in global politics as an unusual number of elections have and will take place across various nations, encompassing approximately 54% of the world’s population. Elections serve...