Today, we are adding Sigma Correlations support to the SEKOIA.IO threat detection capabilities! In this post, we discuss what can be done with it, and why it was needed. Limitations of STIX and STIX Patterning When we first created our threat detection engine, we...
You may not have missed all the noise recently caused by Lapsus$, a group that seems to specialize in extortion without necessarily leveraging ransomware. At first glance, Lapsus$ checks off all the elements that would make researchers put them in the low priority...
Russia’s war in Ukraine is currently widely mirrored in cyberspace, engaging many different parties in an ever-increasing dispute. In this blog post, we will focus on developments in the world of cybercrime (which supposedly do not involve nation-state threat...
In a blog post entitled “The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)”, our colleagues from CERT-SEKOIA described the results of incident response on a Spook ransomware attack. We took over and then investigated the Thanos builder used...
A first version of this blogpost was released as a FLINT (Flash Intelligence Report) by SEKOIA.IO Threat & Detection Research Team on February 16, 2022. This is an updated version, in light of the latest developments related to the invasion of Ukraine by Russia....
Introduction During an onsite incident response analysis, CERT-Sekoia was contacted in order to respond to a Spook ransomware attack. After gathering the evidence, we identified that malicious actors used a legitimate VPN account to initiate the first connection. The...
NOBELIUM is another name for the APT29 intrusion set¹, operated by a threat actor allegedly linked to the SVR (the Foreign Intelligence Service of the Russian Federation)². NOBELIUM has historically targeted government organizations, non-governmental organizations,...
[Since this post concerns a recently-published vulnerability, intelligence regarding latest research will be updated periodically] On Thursday, December 9, 2021, a code execution vulnerability (dubbed Log4Shell and referenced as CVE-2021-44228) affecting the Java...
SEKOIA.IO aims to be as close as possible to the users of the platform, meeting their needs in a precise way, while taking into account their approach and user experience. In this dynamic, the platform continues to reinvent itself and evolve by regularly integrating...
November 10th, 2021 – SEKOIA.IO’s Cyber Threat Intelligence team had an in-depth look at the APT31 intrusion set at the beginning of 2021 when the BfV (Bundesamt für Verfassungsschutz)¹ and McAfee² released some new information. A few months later, the...