Home » Glossary


Find all the terms related to Sekoia.io products and the world of cybersecurity.

Anonymous Sudan(Anonymous Sudan)

Anonymous Sudan is a sub-group of the pro-Russian hacktivist group Killnet, a group with which Anonymous Sudan has publicly aligned itself since March 2023.

APT(Advanced Persistent Threat)

APT (Advanced Persistent Threat) is a sophisticated attack on an organization that can take months to identify and remove. It is also used as a term for malware designed to steal information from a targeted organization.

APT27 (LuckyMouse, EmissaryPanda)(Advanced Persistent Threat 27)

APT 27 aka LuckyMouse or EmissaryPanda is a cyber threat actor, reputed to be close to the People's Republic of China (PRC).

APT29 aka Nobelium, Cozy Bear( Advanced Persistent Threat 29)

Nobelium, also known as APT29, is a cyber espionage group that is believed to be operated by the Russian government.

APT31( Advanced Persistent Threat 31)

APT31 (also know as Zirconium or Judgment Panda) is an Advanced Persistent Threat (link to APT) group whose mission is likely to gather intelligence on behalf of the Chinese government.

AridViper(APT group)

AridViper, also known as APT C-23, MoleRATs, Gaza Cyber Gang or Desert Falcon, is an intrusion group reputed to be close to Hamas and has been active since at least 2012

BlackCat Ransomware(Ransomware)

BlackCat ransomware, also known as ALPHV is a malware that encrypts files on a victim's computer, making them inaccessible until a ransom is paid.

Bluenoroff(North Korea-nexus intrusion set)

Bluenoroff is a notorious intrusion group that emerged on the cybercrime scene in the early 2010s. Bluenoroff's exact origins remain unclear, but he is widely suspected of having ties to North Korea.

Cactus ransomware(A ransomware)

Cactus ransomware is a ransomware that steals and encrypts the data of its victims. It uses the double extortion technique to put greater pressure on victims to pay the ransom, threatening to leak the stolen data on its dedicated platform.


Calisto is a reputed threat actor close to Russia and also known as COLDRIVER.

Callback phishing

It is a spearphishing tactic. It involves impersonating legitimate platforms or businesses by sending emails claiming that the victim has been or will be charged for a service. Then, she urges victims to call a listed phone number for further clarification.

CERT(Computer Emergency Response Team)

The primary mission of a CERT is to contain computer security incidents, minimize their impact on the organization's operations and reputation, and facilitate post-crisis remediation and reconstruction.

ClearFake(Malicious JavaScript framework)

ClearFake is a new malicious JavaScript framework used on compromised websites to spread malware with a drive-by download technique.

Command & Control(infrastructure, server)

Command and Control (C2) is a set of techniques and technologies used by cybercriminals and other advanced persistent threat (APT) groups to centrally control compromised systems and coordinate malicious activities.

Crypters(Software programs)

Crypters (“криптер” in Russian) are software programs capable of encrypting, obfuscating, and manipulating malware to bypass detection mechanisms, while keeping the malware’s functionalities intact.

CSIRT(Computer Security Incident Response Team)

A Computer Security Incident Response Team (CSIRT) is an operational security team who are responsible for responding to and managing computer security incidents within an organization.

CTI(Cyber Threat Intelligence)

Cyber ​​Threat Intelligence (CTI) defines cyber threat research, analysis and modeling. It'is used to prevent and detect computer attacks.

CustomerLoader(New malware)

CustomerLoader is a new malware distributing a wide variety of payloads, including infostealers, RATs and ransomware.


Cybersecurity is a professional activity that helps protect companies' networks, systems and sensitive data from digital attacks.

DarkGate malware(Malware)

DarkGate is a loader with RAT capabilities developed in Delphi with modules developed in C++, which has gained notoriety in the second half of 2023, due to its ability to operate secretly and its agility to evade detection by antivirus systems

Data Loss Prevention(Data Loss Prevention)

Data Loss Prevention (DLP) is the process of identifying critical data within the organization and implementing controls to prevent unauthorized access or deletion of critical data.

DDoSia project(Distributed Denial of Service attack toolkit)

DDoSia is a Distributed Denial of Service (DDoS) attack toolkit, developed and used by the pro Russia hacktivist nationalist group NoName057(16) against countries critical of the Russian invasion of Ukraine.


Doenerium infostealer is a malicious software whose particularity is to discreetly collect and steal confidential information from victims' computers

EDR(Endpoint Detection and Response)

EDR stands for Endpoint Detection and Response. The term EDR first appeared in 2013 in an analysis by the consulting firm Gartner. Analyzing the fact that hackers primarily target employee workstations, Gartner has introduced the concept of “Endpoint Detection and Response” to designate a security solution to detect and remedy cyber threats targeting endpoints (computer, server).

EPP(Endpoint Protection Platform)

EPP (Endpoint Protection Platform) is a cybersecurity solution that helps organizations protect their devices (laptops, desktops, servers, and mobile devices) from cyber threats.

EPT(Endpoint protection tools)

Endpoint protection tools are security solutions that are designed to protect an organization's endpoints, such as laptops, desktops, servers, and mobile devices, from cyber threats.


A firewall is a network security system that helps protect your computer from unauthorized access. It does this by blocking incoming and outgoing requests to your computer, based on rules that the network administrator has predefined.

Frost & Sullivan Radar(Market analysis tool)

The Frost & Sullivan Radar is a market analysis tool that provides companies with a comprehensive analysis of market trends, competitive landscapes, and emerging technologies in various industries.

IAM(Identity and Access Management)

IAM is a process that enables IT teams to lay the foundation for secure and controlled access to digital assets, protecting organizations from data breaches and other security threats.

IoC(Indicator of compromise)

IoC (Indicator of compromise) is qualified technical data that makes it possible to detect malicious activities on an information system. These indicators can be based on data of various types, for example: a file hash, a signature, an IP address, a URL, a domain name… but in all cases, the technical data alone (observable, see this word) is not enough to talk about IoC.

ISAC(Information Sharing and Analysis Center)

ISAC (Information Sharing and Analysis Center) is a non-profit organization that provides a central resource capable of gathering information on cyber threats against critical infrastructures and share them with its members.

Kinsing malware(Malware)

Kinsing is a sophisticated and persistent software strain that targets server infrastructures running on Linux systems.

Mallox(Ransomware group)

Mallox (also known as Fargo and TargetCompany) is a ransomware strain active since mid-June 2021 and one of the prominent ransomware families targeting unsecured MS-SQL servers.

Malware analysis(Understanding malicious software)

Malware analysis is the process of dissecting and understanding malicious software, also known as malware.

MDAV(Microsoft Defender Antivirus)

Microsoft Defender Antivirus (MDAV) is an antivirus program included with Windows 10, Windows 8.1 and Windows 7. It acts as a classic antivirus, meaning it can block and quarantine threats but also has the capability to reduce the attack surface on your host through the “Controlled Folder Access” feature and the Attack Surface Reduction (ASR) rules.

MSSP(Managed Security Service Provider)

MSSP is a third-party service provider or supplier that offers computer security services to a client company on a subscription basis.

Predator spyware(A spyware developed by Cytrox )

Predator is a spyware developed by Cytrox that allows you to monitor and track the devices of its targets, collecting their data in a discreet way.

RaaS(Ransomware as a service)

Ransomware as a service (RaaS) is a software developed by cybercriminals that allows people to launch ransomware attacks without having any particular coding skills.

RDDoS(Ransom Distributed Denial of Service)

Ransom Distributed Denial of Service (RDDoS) are a form of cyber malicious campaign aiming at performing distributed denial of service until a ransom fee is paid.


Reaper (aka APT37) is an extremely sophisticated intrusion system that has been active since at least 2012. It mainly conducts cyber espionage campaigns against NGOs and other civil society actors (dissidents of the North Korean regime, journalists and defectors from the DPRK).

Residential proxies(IP addresses provided by Internet Service Providers)

Residential proxies are IP addresses provided by Internet Service Providers (ISPs) to homeowners.

Roaming Mantis(Roaming Mantis)

Roaming Mantis (Chinese intrusion set) is assessed to be a financially motivated group, with a history of targeting developed countries.


A modern SaaS SIEM provides a single detection capability for all IT assets and services of organizations. It is a cyber threat detection platform based on the fusion of Cyber Threat Intelligence and SIEM in the next-generation cloud.

Scattered Spider(Intrusion set)

Scattered Spider is a financially-motivated intrusion set engaging in highly lucrative cybercrime activities aimed at theft of sensitive data, cryptocurrency stealing, data exfiltration and ransomware deployment for extortion.

SEO poisoning(Search Engine Optimisation poisoning)

SEO poisoning is a method used by cyberattackers to position malicious websites in the best search engine results.

Shadow IT

Shadow IT is a term used to refer to hardware and software deployed by employees within an organization without the knowledge or approval of its IT department.

SIEM(Security Information and Event Management)

A SIEM (Security Information and Event Management) is an IT security tool that is used to collect, store and analyze large volumes of log data from all sources in the enterprise. It is used to take advantage of each of these data (collected) to identify and analyze, from a platform, the events and/or incidents that may take place on the company's computer network.

SOAR(Security Orchestration, Automation and Response)

A Security Orchestration Automation and Response system covers three major functions: response, orchestration, and automation of computer security systems. Along with SIEM and CTI, this is one of the three main functions of a SOC.

SOC(Security Operations Center)

Security Operations Center (SOC) is an organizational structure dedicated to the implementation of all the security operations of an organization against cyberattacks. These actions include the supervision and protection of an organization’s information system (workstations, networks, website, applications, databases, etc.)

STIX(Structured Threat Information eXpression)

STIX (Structured Threat Information eXpression) is an open standard describing objects of interest in the field of defensive computer warfare, and the links they can maintain between them.

Turla(Turla alias Uroburos, Snake, Venomous Bear)

TURLA (aka Uroburos, Snake, Venomous Bear) is an historical Russian-speaking cyber espionage group widely believed to be operated by the Federal Security Service of the Russian Federation (FSB).

Vice Society(Vice society)

Vice society is a little-known double extortion group that recently joined the cybercrime ecosystem.

XDR(eXtended Detection & Response)

XDR (eXtended Detection & Response) designates a holistic approach to cybersecurity operational. It stands out for its ability to consolidate and automate on a unified SaaS platform all data, analyzes and responses to cyber threats, regardless of their origin, supplier or specialization.