Threat Research & Intelligence
TDR

Sold to the Highest Bidder: The Escalation of ADINT from Geolocation Tracking to Intrusion Vector

Discover how private companies repurpose the advertising ecosystem into a global surveillance apparatus.
June 25, 2026
Threat Detection & Research Team
Maxime ARQUILLIERE
Coline CHAVANE
Read more
ALL
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Latest blogs
Threat Research & Intelligence
October 7, 2024

Mamba 2FA: A new contender in the AiTM phishing ecosystem

Discover Mamba 2FA, a previously unknown adversary-in-the-middle (AiTM) phishing kit, sold as phishing-as-a-service (PhaaS).

By
Grégoire CLERMONT
By
Threat Detection & Research Team
View more
Product News
October 4, 2024

Getting started with Detection-as-Code and Sekoia Platform

Whether you're an MSSP looking to enhance client offerings or an internal SOC team striving for operational excellence, adopting Detection-as-Code can be a game-changer. Here’s why it matters.

By
Antoine HEUZE
View more
Product News
October 3, 2024

Hunting for IoCs: from singles searches to an automated and repeatable process

Understanding cyber threats and IoC (Indicators of Compromise) is crucial for protecting your organisation from cybercriminal activities. At Sekoia, we’ve embraced this by developing a comprehensive solution that combines Cyber Threat Intelligence (T

By
Julien DE PINS
View more
Threat Research & Intelligence
TDR
October 2, 2024

Bulbature, beneath the waves of GobRAT

Since mid 2023, Sekoia Threat Detection & Research team (TDR) investigated an infrastructure which controls compromised edge devices transformed into Operational Relay Boxes used to launch offensive cyber attack.

By
Threat Detection & Research Team
By
Amaury-Jacques GARCON
By
Félix AIME
View more
Threat Research & Intelligence
TDR
September 30, 2024

Hadooken and K4Spreader: The 8220 Gang's Latest Arsenal

On 17 September 2024, Sekoia’s Threat Detection & Research (TDR) team identified a notable infection chain targeting both Windows and Linux systems through our Oracle WebLogic honeypot. The attacker exploited CVE-2017-10271 and CVE-2020-14883 Weblogi

By
Jérémy SCION
View more
SOC Insights & Other News
September 30, 2024

Why it’s time to replace your legacy SIEM with a SOC platform

In today’s cybersecurity landscape, upgrading from legacy SIEM solutions to modern SOC platforms is no longer a question of if, but when. As we enter 2024, security teams must adapt to the increasingly complex threats they face, and relying on outdat

By
Fabien DOMBARD
View more
SOC Insights & Other News
September 26, 2024

Navigating the NIS2 Directive: Key insights for cybersecurity compliance and how Sekoia.io can help

This article helps you comply with NIS2 (ISO27001 standard). It explores key features, requirements and implications of Directive NIS2.

By
Arnaud DECHOUX
By
Maxime ARANDEL
View more
Threat Research & Intelligence
TDR
September 25, 2024

SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites

Our investigation uncovered 25 kurdish websites compromised by four different variants of a malicious script, ranging from the simplest, which obtains the device's location, to the most complex, which prompts selected users to install a malicious And

By
Threat Detection & Research Team
By
Félix AIME
By
Maxime ARQUILLIERE
View more
Threat Research & Intelligence
TDR
September 19, 2024

WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution

This blogpost examines the use of WebDAV technology in hosting malicious files related to the Emmenhtal loader, then analyses the various final payloads delivered through this infrastructure, and concludes by exploring the possibility that the infras

By
Marc NEBOUT
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
September 11, 2024

Securing Gold : Hunting typosquatted domains during the Olympics

Discover how Sekoia.io proactively hunts for typosquatted domains related to the Paris 2024 Olympics to detect and prevent cyber threats.

By
Maxime ARQUILLIERE
By
Amaury-Jacques GARCON
By
Coline CHAVANE
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
September 9, 2024

A glimpse into the Quad7 operators' next moves and associated botnets

Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.

By
Threat Detection & Research Team
By
Félix AIME
By
Pierre-Antoine DUCHANGE
By
Charles MESLAY
View more
SOC Insights & Other News
July 31, 2024

Enabling new service models with SSDP

Discover how SSDP are transforming SOCs and boosts MSSP activities into MDR and now MXDR services, transforming security service delivery.

By
Fabien DOMBARD
View more
Detection Engineering
TDR
July 24, 2024

Emulating and Detecting Scattered Spider-like Attacks

Explore a use-case scenario demonstrating how to detect scattered spider attacks in AWS environments and enhance your cloud security.

By
Threat Detection & Research Team
By
Mitigant
By
Guillaume COUCHARD
By
Erwan CHEVALIER
By
Kennedy TORKURA
View more
Threat Research & Intelligence
TDR
July 23, 2024

Solving the 7777 Botnet enigma: A cybersecurity quest

Discover 7777 botnet (aka Quad7) and its activity, targets, and use of TP-Link routers in Microsoft 365 attacks in our latest investigation.

By
Threat Detection & Research Team
By
Félix AIME
By
Pierre-Antoine DUCHANGE
By
Charles MESLAY
By
Grégoire CLERMONT
View more
SOC Insights & Other News
July 18, 2024

Technological Evolution and the Rise of Advanced Security Solutions for SMEs

In today's digital age, small and medium enterprises (SMEs) are facing unprecedented cybersecurity challenges. The threat landscape has evolved dramatically, with malicious actors constantly seeking out the weakest links, including those within suppl

By
Fabien DOMBARD
View more
Threat Research & Intelligence
TDR
July 15, 2024

MuddyWater replaces Atera by custom MuddyRot implant in a recent campaign

Find out how MuddyWater have changed their infection chain and employed a new implant dubbed "MuddyRot" by Sekoia TDR analysts.

By
Threat Detection & Research Team
View more

Threat Detection & Research team

Sekoia Threat Detection & Research team, commonly known as the TDR team, is the driving force behind the Sekoia SOC platform, delivering exclusive threat intelligence.

Meet TDR team

Read latest TDR articles