Sekoia.io

@sekoia_io

Followers: 4K
Following: 333
Media: 231
Statuses: 828

A #SOCplatform boosted by #AI and #threatintelligence, combining #SIEM, #SOAR, #Automation in a single solution. Used by End-users, MSSP and APIs

Paris, France
Joined September 2017
@sekoia_io
Sekoia.io
2 months
📝 Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem. This report shares actionable intelligence to help analysts detect and investigate AitM phishing.
@sekoia_io
Sekoia.io
24 days
💡 Curious how the full infection chain works? We have broken it all down for you here 😈👇
blog.sekoia.io
Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.
@sekoia_io
Sekoia.io
24 days
Multiple fake employees are now promoting this bogus company on LinkedIn:
- hxxps://www.linkedin.com/in/serhii-s-723b3435b/
- hxxps://www.linkedin.com/in/vitalii-bilousov-141658341/
- hxxps://www.linkedin.com/in/jose-rincon-61a97521/

Also on Telegram:
- hxxps://t.me/waventic
@sekoia_io
Sekoia.io
24 days
No OS left behind. It happily infects Windows, macOS, and Linux systems. Unlike before, they're not impersonating a real crypto company. Instead, they have built a completely #fake brand from scratch: https://waventic[.]com.
@sekoia_io
Sekoia.io
24 days
And everything is hosted on a single platform. At the end of the process, you're politely asked to download a 'driver' to magically make your webcam work ✨ Spoiler alert: it's not a driver, it's #GolangGhost, a custom malware with remote access capabilities.
@sekoia_io
Sekoia.io
24 days
Well, this campaign is still alive and evolving. Since then, dozens of new domains have surfaced. And in June, things got even more interesting 👀 We came across a new site: apply[.]waventic[.]com. This time, it has been upgraded: fresh visuals, new interview questions.
@sekoia_io
Sekoia.io
24 days
🔥 Hot summer, sizzling crypto... and scammers turning up the heat 🔥 Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.
@sekoia_io
Sekoia.io
1 month
You can find the phishing kit sheets on our blog: And on our Community GitHub:
blog.sekoia.io
Explore the 2025 landscape of Adversary-in-the-Middle phishing threats with data, trends, and top detection insights.
@sekoia_io
Sekoia.io
1 month
These sheets aim to assist SOC analysts in detecting and investigating #AitM #phishing compromises by offering context, technical details, infrastructure overview, detection opportunities, and more. All are available in the PDF report and our Community GitHub.
@sekoia_io
Sekoia.io
1 month
A few weeks ago, we published our global analysis of Adversary-in-the-Middle #phishing threats, providing actionable intelligence on multiple #AitM phishing kits. This report includes 11 sheets covering the most widespread #AitM phishing kits as of Q1 2025.
@sekoia_io
Sekoia.io
2 months
RT @crep1x: We are excited to share our latest blogpost on AitM phishing threats - covering common TTPs, the PhaaS ecosystem, the most wide….
@sekoia_io
Sekoia.io
2 months
We hope SOC, CERT and CTI teams find our global analysis of AitM phishing threats both insightful and actionable. Dive in here ⬇️.
blog.sekoia.io
Explore the 2025 landscape of Adversary-in-the-Middle phishing threats with data, trends, and top detection insights.
@sekoia_io
Sekoia.io
2 months
🕵️ We also highlight multiple detection opportunities for AitM attacks in Microsoft Entra environments. All technical details are available on our community GitHub:
@sekoia_io
Sekoia.io
2 months
🎣 Leveraging our telemetry and proactive hunting, we ranked the most widespread AitM phishing kits - #Tycoon2FA, #Storm1167, #NakedPages, #Sneaky2FA, and more. Additionally, the article includes summary sheets covering 11 AitM phishing kits.
@sekoia_io
Sekoia.io
2 months
🔍 Phishing-as-a-Service (#PhaaS) is driving a wave of large-scale, sophisticated attacks against organisations. In our new blogpost, we provide an overview of the key techniques, tactics and social engineering schemes that cybercriminals use in AitM phishing attacks.
@sekoia_io
Sekoia.io
3 months
🧀 The Sharp Taste of #Mimo’lette: Analyzing Mimo’s Latest Campaign targeting #Craft CMS.
@sekoia_io
Sekoia.io
3 months
🪤 Sekoia #TDR's new exclusive research uncovers the #ViciousTrap, a honeypot network deployed on compromised edge devices.
blog.sekoia.io
Discover ViciousTrap, a newly identified threat who is turning edge devices into honeypots en masse targeting
@sekoia_io
Sekoia.io
4 months
Our new report describes one of the latest observed infection chains (delivering #AsyncRAT) relying on the #Cloudflare tunnel infrastructure and the attacker’s #TTPs with a principal focus on detection opportunities.
@sekoia_io
Sekoia.io
4 months
Since the apparition of the #Interlock ransomware, the Sekoia #TDR team observed its operators evolving, improving their toolset (#LummaStealer #BerserkStealer), and leveraging new techniques such as #ClickFix to deploy the ransomware payload.
@sekoia_io
Sekoia.io
4 months
🎉 It's not about a CTI investigation or a Detection Engineering topic, but today we are happy to announce that has raised €26m!