A #SOCplatform boosted by #AI and #threatintelligence, combining #SIEM, #SOAR, #Automation in a single solution. Used by End-users, MSSP and APIs
Website: https://sekoia.io
Blog: https://blog.sekoia.io
GitHub: https://github.com/SEKOIA-IO

#TDR analysts published a new report detailing #ErrTraffic, a widespread #ClickFix malware distribution framework.

ErrTraffic injects malicious JavaScript into compromised WordPress and malicious sites to serve ClickFix lures.

https://blog.sekoia.io/unveiling-errtraffic-inside-a-growing-clickfix-malware-distribution-framework/

Our forensic analysis of compromised WordPress servers helped us to cluster ErrTraffic and map affiliates' TTPs and backdoors.

We notably identified two distinct clusters: "Analytics" operated by a single threat actor, and "Beer" likely operated by LenAI for affiliates.

This blog post details the ErrTraffic threat and its associated ecosystem, highlighting three specific campaigns and their operators’ arsenal. Finally, it provides several analytical hypotheses regarding the MaaS operations and the organisation of these affiliate groups.

The ErrTraffic MaaS offering includes:

- The EtherHiding technique to retrieve the C2 from Polygon smart contracts
- A Traffic Distribution System (TDS) to filter unwanted traffic
- Various ClickFix lures

LenAI, the operator behind ErrTraffic, sells subscriptions for $380/month.

🇷🇺 The Sekoia #TDR team has just released a comprehensive analysis of how #APT28's arsenal has evolved, from its early to its current operations.

https://blog.sekoia.io/apt28-an-evolution-of-tradecraft/

Here are the three major shifts defining APT28's modern operations:
- Infrastructure moved to the edge: Compromising SOHO devices and abusing cloud services to mask traffic.
- Return of custom implants: Deploying stealthy, modular toolsets (like Phantom Net Voxel) controlled via cloud infrastructures.
- Delegating logic to AI: Experimenting with malware (like LameHug) that queries an LLM on the fly to generate attack commands.

This report is part of a broader coordinated effort, conducted since 2025 in collaboration with foreign and domestic law enforcement and government agencies, including the FBI, to limit APT28's activities and constrain GRU cyber operations.

The second and third parts of our investigation into #Gamaredon, the cyberespionage group operated by the Russian #FSB, are live!
🪆Part 2 — The loaders https://buff.ly/bBYZSKa
🪆Part 3 — The stealer & full infrastructure https://buff.ly/74WHuPd

#CTI #TDR #Sekoia

Russia's #FSB-linked #Gamaredon has been hammering Ukraine's government, military & critical infrastructure for over a decade. We went behind the scenes.

Tracked their infrastructure. Recovered artefacts from compromised machines. Here's what we found 🧵 https://buff.ly/6hR2IMj