Profile avatar
caproni.fr
Head of Sekoia Threat Detection & Research (TDR) team • Cyber Threat Intelligence • Detection Engineering • SOC Platform 🇫🇷 🇪🇺 • Hip-Hop • Basketball
79 posts 458 followers 183 following
Prolific Poster
Posts 49 Comments 1

Using our #honeypots, we uncovered an unreported #botnet that has been operational since at least the end of November 2023. This #PolarEdge botnet has been focusing on #edge devices, particularly those made by #Cisco, #Asus, #QNAP, and #Synology. https://buff.ly/4ibOEo8

submitted 1 day ago • 0 comments

Cyber threats impacting the financial sector: focus on the main actors We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024. https://buff.ly/3D3IZl7

submitted 2 days ago • 0 comments

🔍 Large-scale detection engineering: part two! 🚀 In this article, we explore an innovative approach that transforms the execution of automated actions via CI/CD pipelines, enabling effective scaling and alignment with developer and DevOps practices.

submitted 22 days ago • 0 comments

🚨To strengthen the #investigation and #detection capabilities of the Sekoia.io Threat Detection & Research (TDR) team, we are looking for a Senior Technical Threat Researcher! www.welcometothejungle.com/fr/companies... #CTI #DetectionEngineering

submitted 28 days ago • 0 comments

TDR analysts analysed the supply chain attack targeting Chrome browser extensions, which potentially affected hundreds of thousands of end users in December 2024. https://buff.ly/4auQ0HN

submitted 35 days ago • 1 comment

Around 1,000 malicious domains are hosting webpages impersonating Reddit and WeTransfer, redirecting users to download password-protected archives These archives contain an AutoIT dropper, we internally named #SelfAU3 Dropper at @sekoia.io, which executes #Lumma Stealer IoCs ⬇️

submitted 37 days ago • 2 comments

🔍 TDR analysts discovered a new Adversary-in-the-Middle (#AiTM) #phishing kit, specifically targeting Microsoft 365 accounts and circumventing 2-step verification: Sneaky 2FA https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/ #detection #sneaky2fa

submitted 41 days ago • 1 comment

🇷🇺 #DoubleTap Campaign: #Russia-nexus APT possibly related to #APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations https://buff.ly/3WEwPG7

submitted 44 days ago • 1 comment

A look back at #PlugX #worm “sovereign disinfection” campaign

submitted 48 days ago • 0 comments

Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation

submitted 48 days ago • 0 comments

Banshee: The Stealer That "Stole Code" From MacOS XProtect

submitted 48 days ago • 0 comments

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit

submitted 48 days ago • 0 comments

Malicious npm Campaign Targets Ethereum Developers with Fake Hardhat Packages

submitted 51 days ago • 0 comments

“Can you try a game I made?” Fake game sites lead to information stealers

submitted 51 days ago • 0 comments

🎉 Happy New Year! Hopefully, we'll see as many people as possible here in 2025🤞

submitted 54 days ago • 0 comments

“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

submitted 70 days ago • 0 comments

Effective Phishing Campaign Targeting European Companies and Institutions

submitted 70 days ago • 0 comments

Hidden in Plain Sight: TA397’s (aka #Bitter) New Attack Chain Delivers Espionage RATs

submitted 71 days ago • 0 comments

Dragos Industrial Ransomware Analysis: Q3 2024

submitted 71 days ago • 0 comments

Perfctl malware exploiting exposed Portainer agent and using new SSH persistence

submitted 71 days ago • 0 comments

A Look Back: The Evolution of Latin American #eCrime Malware in 2024 The evolution of LATAM-based #malware in 2024 highlights the adaptability and ingenuity of its developers, who continue to refine their tools to sustain successful eCrime campaigns.

submitted 71 days ago • 0 comments

NodeLoader Used to Deliver Malware

submitted 73 days ago • 0 comments

Inside a New OT/IoT Cyberweapon: IOCONTROL

submitted 75 days ago • 0 comments

Xloader deep dive: Link-based malware delivery via SharePoint impersonation

submitted 75 days ago • 0 comments

Lookout Discovers New Chinese Surveillance Tool Used by Public Security

submitted 76 days ago • 0 comments

🇨🇳 Likely China-based Attackers Target High-profile Organizations in Southeast Asia

submitted 76 days ago • 0 comments

🇷🇺 Frequent freeloader part II: Russian actor Secret Blizzard (aka #Turla) using tools of other groups to attack Ukraine

submitted 76 days ago • 0 comments

Inside Zloader’s Latest Trick: DNS Tunneling

submitted 77 days ago • 0 comments

A Kernel Land Rootkit Loader for FK_Undead

submitted 78 days ago • 0 comments

New ‘Termite’ ransomware group claims responsibility for Blue Yonder cyberattack

submitted 78 days ago • 0 comments

Cleo Software Actively Being Exploited in the Wild

submitted 78 days ago • 0 comments

Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows

submitted 79 days ago • 0 comments

CERT Wavestone - 2024 Report: Trends, analysis, and lessons for 2025 from a year of incident response

submitted 82 days ago • 0 comments

This research examines recent #BlueAlpha (#Gamaredon) activity targeting Ukraine. BlueAlpha — linked to #FSB Centre 18 — has been observed abusing Cloudflare Tunnels to conceal GammaDrop staging infrastructure.

submitted 83 days ago • 0 comments

Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

submitted 83 days ago • 1 comment

Large U.S. organization was the subject of a four-month-long intrusion by China-based attackers

submitted 83 days ago • 0 comments

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks

submitted 83 days ago • 0 comments

Storm-1811 exploits #RMM tools to drop #BlackBasta ransomware

submitted 83 days ago • 0 comments

#RobotDropper Automates the Delivery of Multiple #Infostealers

submitted 83 days ago • 0 comments

#DroidBot: Insights from a new Turkish MaaS fraud operation | Cleafy Labs

submitted 83 days ago • 0 comments

Stellar Discovery of A New Cluster of Andromeda/Gamarue C2

submitted 83 days ago • 0 comments

How 🇷🇺 #Turla used the infrastructure of 🇵🇰 #APT36 to install backdoors and collect intelligence on targets of interest in South Asia.

submitted 84 days ago • 0 comments

Hunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scam

submitted 84 days ago • 0 comments

#Gafgyt Malware Broadens Its Scope in Recent Attacks

submitted 84 days ago • 0 comments

Repeat offenders drive bulk of tech support scams via Google Ads | Malwarebytes

submitted 84 days ago • 0 comments

🦝 The new episode of @intel471.bsky.social "Cybercrime Exposed" podcast produced by @jkirk.bsky.social tells the story of #Raccoon Stealer and, more broadly, reveals how the #infostealer ecosystem operates. Featuring @crep1x.bsky.social from @sekoia.io! intel471.com/resources/po...

submitted 84 days ago • 0 comments

#SmokeLoader Attack Targets Companies in Taiwan | FortiGuard Labs

submitted 84 days ago • 0 comments

Did you miss the #VB2024 conference? The videos of the talks are online!

submitted 84 days ago • 0 comments

U.S. government says #SaltTyphoon is still in #telecom networks

submitted 84 days ago • 0 comments