Between 27 and 29 May 2024, international law enforcement agencies and partners conducted the Operation Endgame to disrupt criminal services, notably through taking down key botnet infrastructures, including those of IcedID, SystemBC, PikaBot, SmokeLoader and BumbleBee.
The Sekoia TDR team supported the French law enforcement agencies by providing valuable cyber threat intelligence, in particular on PikaBot.…
This time, we’re not revealing a new cyber threat investigation or analysis, but I want to share some insights about the team behind all Sekoia Threat Intelligence and Detection Engineering reports. Let me introduce you to the Sekoia TDR team.
TL;DR Sekoia Threat Detection & Research (TDR) is a multidisciplinary team dedicated to Cyber Threat Intelligence and Detection Engineering for the Sekoia SOC Platform.…This report was originally published for our customers on 14 May 2024.
Executive summary The DoppelGänger campaign is an ongoing influence campaign, starting from May 2022 and attributed to the Structura National Technologies (Structura) and the Social Design Agency (SDA), which are two Russian entities. The primary goal of DoppelGänger is to diminish support for Ukraine in the wake of Russian aggression and to foster divisions within nations backing Ukraine.…This report was originally published for our customers on 2 May 2024.
As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises honeypots in different locations around the world to identify potential exploitations.
Table of contents IntroductionRecently, our team observed an incident involving our MS-SQL (Microsoft SQL) honeypot.…
To enhance our threat intelligence, improve detection and identify new threats, Sekoia.io analysts perform continuous hunting and detection engineering every day to give our customers more options to protect themselves. Sekoia.io Threat Detection & Research (TDR) team is there to fill our SOC platform with detection rules and CTI.…
To enhance our threat intelligence, improve detection and identify new threats, Sekoia analysts engage in continuous hunting to address the main threats affecting our customers. For this, we proactively search and identify emerging threats, using our telemetry data, internal tools and external services.
In October 2023, our daily threat hunting routine led us to uncover a new Adversary-in-The-Middle (AiTM) phishing kit allegedly used by multiple threat actors to carry out widespread and effective attacks.…
Written by World Watch team from CERT Orange Cyberdefense (Marine PICHON, Vincent HINDERER, Maël SARP and Ziad MASLAH) and Sekoia TDR team (Livia TIBIRNA, Amaury G. and Grégoire CLERMONT)
TL;DR Residential proxies are intermediaries that allow an Internet connection to appear as coming from another host; This method allows a user to hide the real origin and get an enhanced privacy or an access to geo-restricted content; Residential proxies represent a growing threat in cyberspace, frequently used by attacker groups to hide among legitimate traffic, but also in a legitimate way; The ecosystem of these proxies is characterised by a fragmented and deregulated offering in legitimate and cybercrime webmarkets; To obtain an infrastructure up to several million hosts, residential proxies providers use techniques that can mislead users who install third-party software; With millions of IP addresses available, they represent a massive challenge to be detected by contemporary security solutions; Defending against this threat requires increased vigilance over the origin of traffic, which may not be what it seems, underlining the importance of a cautious and informed approach to managing network traffic; This joint report is built on extensive research from Sekoia.io…As of today, a large majority of intrusion sets and threat actors leverage crypters prior to delivering and executing malicious payloads on a target system. They use it to build malware capable of avoiding security solutions. In their campaigns, malicious actors can rely on an open-source, a commercially available or a custom crypter.…
Since the onset of the War in Ukraine, various groups identified as “nationalist hacktivists” have emerged, particularly on the Russian side, to contribute to the confrontation between Kyiv and Moscow. Among these entities, the pro-Russian group NoName057(16) has garnered attention through the initiation of Project DDoSia, a collective endeavour aimed at conducting large-scale distributed denial-of-service (DDoS) attacks, targeting entities (private corporations, ministries and public institutions) belonging to countries supporting Ukraine, predominantly NATO member states.…
In September and October 2023, several open source publications, part of the Predator Files project coordinated by the European Investigative Collaborations, exposed the use of the Predator spyware by customers of Intellexa surveillance solutions. The intrusion set related to these customers is tracked under the code-name Lycantrox by Sekoia.…
Scattered Spider (aka UNC3944, Scatter Swine, Muddled Libra, Octo Tempest, Oktapus, StarFraud) is a lucrative intrusion set active since at least May 2022, primarily engaged in social engineering, ransomware, extortion campaigns and other advanced techniques.
The intrusion set employs state-of-the-art techniques, particularly related to social engineering, such as impersonation of IT personnel to deceive employees for targeted phishing, SIM swapping, leverage of MFA fatigue, and contact with victims’ support teams.…
Throughout 2023, Sekoia.io’s Threat Detection & Research (TDR) team actively tracked and monitored adversary C2 infrastructures set up and used by lucrative and state-sponsored intrusion sets to carry out malicious cyber activities.
Our analysts identified more than 85,000 IP addresses used as C2 servers in 2023, an increase of more than 30% compared to 2022.…
FIN7 is an intrusion set operating since at least 2015. The group is known to be structured as a corporate business composed of Russian-speaking members. FIN7 hides its illicit activities behind front companies, which are likewise used to recruit IT experts who are not aware of the malicious activities they are involved in.…
The next Olympic Games hosted in Paris will take place from 26 July to 11 August 2024, while the Paralympic Games will be carried out from 28 August to 8 September 2024. The Olympic and Paralympic Games, which bring together all the nations around sport competitions every two years, is a showcase for States in front of the world.…
In the ever-changing cybersecurity landscape, Identity and Access Management (IAM) stands as the cornerstone of an organisation’s digital asset protection. IAM solutions play an essential role in managing user identities, controlling access to resources and ensuring compliance. As the digital threat landscape is constantly increasing in complexity, the need for visibility of IAM events has become paramount to detect attacks as early as possible before impact.…