by Georges Bossert | 29 Mar 2022 | XDR
Today, we are adding Sigma Correlations support to the SEKOIA.IO threat detection capabilities! In this post, we discuss what can be done with it, and why it was needed. Limitations of STIX and STIX Patterning When we first created our threat detection engine, we...
by TDR | 23 Mar 2022 | CTI
You have probably not missed the recent noise caused by Lapsus$, a group that seems to specialize in extortion without necessarily leveraging ransomware. At first glance, Lapsus$ checks all the boxes that would make researchers put them in the low priority...
by Victor Simon | 7 Mar 2022 | CTI
Russia’s war in Ukraine is currently widely mirrored in cyberspace, engaging many different parties in an ever-increasing dispute. In this blog post, we will focus on developments in the world of cybercrime (which supposedly do not involve nation-state threat...
by Victor Simon | 25 Feb 2022 | CTI
In a blog post entitled “The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)”, our colleagues from CERT-SEKOIA described the results of incident response on a Spook ransomware attack. We took over and then investigated the Thanos builder used...
by Victor Simon | 24 Feb 2022 | CTI
A first version of this blogpost was released as a FLINT (Flash Intelligence Report) by SEKOIA.IO Threat & Detection Research Team on February 16, 2022. This is an updated version, in light of the latest developments related to the invasion of Ukraine by Russia....
by CERT SEKOIA | 17 Feb 2022 | CTI
Introduction During an onsite incident response analysis, CERT-Sekoia was contacted in order to respond to a Spook ransomware attack. After gathering the evidence, we identified that malicious actors used a legitimate VPN account to initiate the first connection. The...
by cecile.feroldi | 6 Jan 2022 | CTI
NOBELIUM is another name for the APT29 intrusion set¹, operated by a threat actor allegedly linked to the SVR (the Foreign Intelligence Service of the Russian Federation)². NOBELIUM has historically targeted government organizations, non-governmental organizations,...
by cecile.feroldi | 13 Dec 2021 | CTI
[Since this post concerns a recently-published vulnerability, intelligence regarding latest research will be updated periodically] On Thursday, December 9, 2021, a code execution vulnerability (dubbed Log4Shell and referenced as CVE-2021-44228) affecting the Java...
by Victor Simon | 3 Dec 2021 | XDR
SEKOIA.IO aims to be as close as possible to the users of the platform, meeting their needs in a precise way, while taking into account their approach and user experience. In this dynamic, the platform continues to reinvent itself and evolve by regularly integrating...
by David Bizeul | 10 Nov 2021 | CTI
November 10th, 2021 – SEKOIA.IO’s Cyber Threat Intelligence team had an in-depth look at the APT31 intrusion set at the beginning of 2021 when the BfV (Bundesamt für Verfassungsschutz)¹ and McAfee² released some new information. A few months later, the...