Threat Research & Intelligence
TDR

Sold to the Highest Bidder: The Escalation of ADINT from Geolocation Tracking to Intrusion Vector

Discover how private companies repurpose the advertising ecosystem into a global surveillance apparatus.
June 25, 2026
Threat Detection & Research Team
Maxime ARQUILLIERE
Coline CHAVANE
Read more
ALL
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Latest blogs
Detection Engineering
TDR
February 4, 2025

Detection engineering at scale: one step closer (part two)

In this article, we will build upon the previous discussion of our detection approach and associated challenges by detailing the regular and automated actions implemented through our CI/CD pipelines.

By
Guillaume COUCHARD
By
Erwan CHEVALIER
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
January 22, 2025

Targeted supply chain attack against Chrome browser extensions

On 26 December 2024, the data security company Cyberhaven informed its users about a compromise of their Chrome browser extension. The attacker exploited the extension developer's permissions, which had been previously gained through a targeted phish

By
Quentin BOURGUE
By
Threat Detection & Research Team
View more
SOC Insights & Other News
January 20, 2025

Transition from IBM QRadar to Sekoia for a modern & rewarding experience

In this article, we’ll explore why making the switch from QRadar to Sekoia Defend is a rewarding experience and how Sekoia’s state-of-the-art platform offers unparalleled flexibility and power.

By
Sekoia.io
View more
Threat Research & Intelligence
TDR
January 16, 2025

Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service

In this blog post, learn about Sneaky 2FA, a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts.

By
Quentin BOURGUE
By
Grégoire CLERMONT
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
January 13, 2025

Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations

Uncover the details of UAC-0063 cyberespionage campaign in Kazakhstan and its potential connection to APT28

By
Amaury-Jacques GARCON
By
Maxime ARQUILLIERE
By
Erwan CHEVALIER
By
Félix AIME
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
December 26, 2024

PlugX worm disinfection campaign feedbacks

Discover how we successfully disinfected thousands of computers infected with the PlugX worm using two remote disinfection methods.

By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
December 19, 2024

Happy YARA Christmas!

Discover daily YARA usage at Sekoia.io TDR. Learn how YARA rules identify threats and aid in investigations and DFIR engagements.

By
Threat Detection & Research Team
View more
Detection Engineering
TDR
December 16, 2024

Detection engineering at scale: one step closer (part one)

Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely from the sheer nu

By
Guillaume COUCHARD
By
Erwan CHEVALIER
By
Threat Detection & Research Team
View more
Product News
December 12, 2024

The story behind Sekoia.io Custom Integrations

Experience the creativity and teamwork behind Sekoia.io Custom Integrations. Go behind the scenes of our traditional hackathon.

By
Julien CUNY
By
Khaoula ETTALEB
View more
SOC Insights & Other News
December 3, 2024

Implementing blocklists in the Sekoia SOC platform

On a calm Friday afternoon, rumors of a new active threat starts hitting the various social network websites. Your CSIRT team starts checking the private channels they have with other CERTs and starts compiling a list of Indicators of…

By
Sekoia.io
View more
Threat Research & Intelligence
TDR
November 27, 2024

Ransomware-driven data exfiltration: techniques and implications

Learn about the comprehensive analysis of data exfiltration techniques and tools used by ransomware and extortion groups in campaigns.

By
Livia TIBIRNA
By
Caroline LEWIS
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
November 19, 2024

Helldown Ransomware: an overview of this emerging threat

This blogpost provide a comprehensive Analysis of Helldown: Tactics, Techniques, and Procedures (TTPs).

By
Jérémy SCION
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
November 13, 2024

A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats

Sekoia TDR analysts conduct an assessment of threats regarding the major elections that will occur in 2024.

By
Threat Detection & Research Team
By
Coline CHAVANE
View more
Threat Research & Intelligence
November 5, 2024

ClickFix tactic: Revenge of detection

This blog post provides an overview of the observed Clickfix clusters and suggests detection rules based on an analysis of the various infection methods employed.

By
Jérémy SCION
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
October 17, 2024

ClickFix tactic: The Phantom Meet

This blog post provides a chronological overview of the observed ClickFix campaigns. We further share technical details about a ClickFix cluster that uses fake Google Meet video conference pages to distribute infostealers.

By
Quentin BOURGUE
By
Threat Detection & Research Team
View more
Product News
October 10, 2024

Mastering SOC complexity: Optimizing access management with Sekoia Defend

In hybrid and outsourced SOC models, managing access for different stakeholders—including internal security teams, MSSP personnel, and other IT departments—can be complex. Even different teams than security ones may need access to specific data, such

By
Maxime HUGON
View more

Threat Detection & Research team

Sekoia Threat Detection & Research team, commonly known as the TDR team, is the driving force behind the Sekoia SOC platform, delivering exclusive threat intelligence.

Meet TDR team

Read latest TDR articles