
Maxime ARQUILLIERE
APT Team Manager
Articles by Maxime ARQUILLIERE

Predators for Hire: A Global Overview of Commercial Surveillance Vendors
This report provides an overview of the commercial surveillance vendors ecosystem between 2010 and 2025, analysing their spyware offerings, business models, client base, target profiles, and infection chains.

Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
Uncover the details of the UAC-0063 cyberespionage campaign in Kazakhstan and its potential connection to APT28

SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites
Our investigation uncovered 25 Kurdish websites compromised by four different variants of a malicious script, ranging from the simplest, which obtains the device's location, to the most complex, which prompts selected users to install a malicious And

Securing Gold: Hunting typosquatted domains during the Olympics
Discover how Sekoia.io proactively hunts for typosquatted domains related to the Paris 2024 Olympics to detect and prevent cyber threats.

Guarding Democracy: Assessing Cyber Threats to 2024 Worldwide Elections
Sekoia TDR analysts conduct an assessment of threats regarding the major elections that will occur in 2024.

NoName057(16)'s DDoSia project: 2024 updates and behavioural shifts
Learn about NoName057(16), a pro-Russian hacktivist group behind Project DDoSia targeting entities supporting Ukraine. Discover an overview of the changes made by the group, both from the perspective of the software shared by the group to generate DD

The Predator spyware ecosystem is not dead
Discover our TDR team's revelations about Predator spyware: its C2 infrastructure and list of countries still using its cyber espionage tool.

Securing Gold: Assessing Cyber Threats on Paris 2024
Based on these observations and given the constantly evolving cyber threat landscape, we analysed cyber threats affecting previous editions of the Olympics, as well as the current geopolitical context to understand potential motivations of malicious

Active Lycantrox infrastructure illumination
Sekoia.io is actively monitoring hundreds of malicious infrastructure clusters to protect its customers. In light of the recent Citizenlab blogspot and in solidarity with the efforts against cyber mercenaries, we have chosen to shed light on one of t

The Transportation sector cyber threat overview
This report aims at contextualising cyber activities targeting the transportation sector worldwide over the 2022 - 2023 period. This report is based on open source reporting and Sekoia.io observations of campaigns mostly impacting the road, air and r

SEKOIA.IO analysis of the #VulkanFiles leak
In January 2023, French newspaper Le Monde invited SEKOIA.IO to cooperate in investigating exfiltrated Russian-written documents related to the Moscow-based private company Vulkan.

One Year After: The Cyber Implications of the Russo-Ukrainian War
One year after the start of the Russo-Ukrainian War, our analysts share their analysis of the cyber picture.

Calisto show interests into entities involved in Ukraine war support
Calisto (aka Callisto, COLDRIVER) is suspected to be a Russian-nexus intrusion set active since at least April 2017. Although it was not publicly attributed to any Russian intelligence service, past Calisto operations showed objectives and victimolog

TURLA’s new phishing-based reconnaissance campaign in Eastern Europe
Sekoia's Threat & Detection Researchers expose a reconnaissance and espionage campaign from TURLA against eastern-EU institutions
