Wellan

🚨WithSecures discovers a novel Russian APT backdoor🚨 Mohammad Kazem, one of our W/Intelligence researchers, links the backdoor to the Sandworm group, a notorious Russian nation-state actor. 🔗labs.withsecure.com/publications/k… #Malware #Kapeka #Research

Our latest report on a CN #APT targeting tens of governments entities worldwide has been published 🥳 After monitoring it for a long time we realized it is likely related to the recent I-Soon company leaks. It discusses their TTPs and provides lots of IOCs trendmicro.com/en_us/research…

I am glad to share, my latest analysis on #DiceLoader, the network part related to the linked lists was a can of worms but it was really instructive. 🎲

Si vous vous intéressez à la réponse à incident cyber, après près de 3 ans d'échanges, consultations, discussions: les guides de l'ANSSI sur la remédiation sont en ligne: cyber.gouv.fr/piloter-la-rem…

At the #CrossedSwords exercise, the threat hunting team is working to identify offensive cyber activities by utilising the most cutting edge software from @DragosInc, @sekoia_io, @splunk, @StamusN, @TelsyGruppoTIM & @Thales_Cyber. They’re even training threat hunters worldwide!

In a paper also presented at #VB2023, Sekoia's Erwan Chevalier & Guillaume Couchard look into infection chains used by commodity malware and how generic detection rules can help in the fight against botnets. blog.sekoia.io/when-a-botnet-…

Recent WinRAR vuln exploited by actors from 🇷🇺 targeting 🇺🇦 and 🇨🇳 targeting 🇵🇬! Nice write up on the vuln from @Google TAG folks and summary of recent campaigns! APT4⃣0⃣ should be getting more attention than they do.. blog.google/threat-analysi…

#ESETresearch discovered a #cyberespionage campaign against a governmental entity in 🇬🇾 Guyana, which we named #Operation Jacana. To gain initial access, the attackers used #spearphishing emails referencing the political affairs of the country. welivesecurity.com/en/eset-resear… 1/4

🇬🇧 Next week, #VB2023 conference takes place in London! 🎤 #TDR analysts will be on stage for 2 talks: 1️⃣ When a botnet cries: detecting botnet infection chains @r1chev @Wellan129 2️⃣ Infostealers: investigate the cybercrime threat in its ecosystem @liviatibirna @plebourhis

The first part of my blog series on how we’ve been scaling detection and response operations at Coinbase is live! Interested in speeding up your investigations, increasing the visibility of key data sources, and improving quality of life for analysts? coinbase.com/blog/scaling-d…

📝 A new blog post from our #TDR team focuses on detection engineering around Microsoft Defender Antivirus (MDAV) blog.sekoia.io/engineering-de… #DetectionEngineering #SOCplatform #CTI

One month from now, the @virusbtn 2023 conference will take place in London! You'll be able to meet #TDR analysts from Sekoia.io in 2 talks! Infostealers: Investigate the cybercrime threat in its ecosystem by @liviatibirna and @plebourhis virusbulletin.com/conference/vb2… When a botnet cries: detecting botnet infection chains by @r1chev and @Wellan129 virusbulletin.com/conference/vb2…

At #VB2023 Sekoia.io's Guillaume Couchard & @r1chev will outline the infection chains used by commodity malware, common detection methods used against them, & how generic detection rules on these chains can help in the fight against botnets. virusbulletin.com/conference/vb2…

Microsoft has identified targeted attacks against the defense sector in Ukraine and Eastern Europe by the threat actor Secret Blizzard (KRYPTON, UAC-0003) leveraging DeliveryCheck, a novel .NET backdoor used to deliver a variety of second stage payloads. msft.it/6019gfoYU

The #APT28 intrusion set (aka ##PawnStorm, #FancyBear), associated with the 🇷🇺 Russian #GRU and famous for its cyberespionage and sabotage campaigns, was observed using multiple #phishing techniques to target 🇺🇦 Ukrainian civil society. 👉 blog.sekoia.io/apt28-leverage…

🚨 During the last 3 years, we have tracked a specific TA intending to infect Windows workstations on corporate environments, trying to alter legitimate banking transfers performed by the victims. Meet drIBAN. 💉 Chapter 1: cleafy.com/cleafy-labs/un… #drIBAN #sLoad #Ramnit

I am thrilled to announce I've joined the great team of @FiligranHQ as VP of Products, including #OpenCTI and #OpenEx. Working again with @SamuelHassine is incredible 🚀 ! I hope I'll be able to bring maximum value to the entire #cybersecurity and #cyberdefense communities! 💪

If you missed (like me) @Botconf! The talks are available on the Youtube channel 🤩 #Botconf #cybersecurity #infosec #ThreatIntelligence @BotConfTV/videos" target="_blank" rel="nofollow noopener">youtube.com/@BotConfTV/vid…

Today, me and @ateixei are releasing the EDR Telemetry project. This project aims to compare and evaluate the telemetry of various EDR products. ✅Introductory blog post: t.ly/9Ia3 ✅GitHub Repo: github.com/tsale/EDR-Tele… ✅Comparison Table: t.ly/HMht

Thank you #botconf2023! Was a great event with great people 🙂 My first time there and first time ever being a speaker at a conference but definitely not the last time! See you in Nice ;)