Nicolas Caproni
@caproni.fr
Head of Sekoia Threat Detection & Research (TDR) team • Cyber Threat Intelligence • Detection Engineering • SOC Platform 🇫🇷 🇪🇺 • Hip-Hop • Basketball
Reposted by Nicolas Caproni
#TDR analysts dig into a modus operandi targeting the hospitality industry and the related cybercrime ecosystem that facilitates #phishing and #fraud campaigns.

blog.sekoia.io/phishing-cam...
Reposted by Nicolas Caproni
After our initial #PolarEdge #botnet write-up, we’re happy to announce the second part: “Defrosting PolarEdge’s Backdoor,” a full technical deep-dive into its TLS-based implant.

blog.sekoia.io/polaredge-ba...
I'm looking for a Threat Researcher for the TDR team at @sekoia.io!

Do you like writing #Sigma and #Yara rules? Do you love pivoting on and hunting down cybercriminals' attack infrastructure (C2)?

Then this job offer is made for you!

www.welcometothejungle.com/en/companies...
Technical Threat Researcher – Sekoia.io – Permanent contract – Fully remote
Sekoia.io is looking for a Technical Threat Researcher!
Reposted by Nicolas Caproni
Key takeaways:

✉️ API exploitation: attackers leverage an exposed /cgi endpoint to push malicious SMS without authentication
🌐 Scale of exposure: over 18,000 routers accessible on the internet; 572 confirmed vulnerable
Reposted by Nicolas Caproni
📱 Silent Smishing: The Hidden Abuse of Cellular Router APIs

Our latest #CTI investigation from Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale.

blog.sekoia.io/silent-smish...
Reposted by Nicolas Caproni
Sekoia.io @sekoia.io · Sep 16
🐻 #APT28 – Operation Phantom Net Voxel: deep-dive into the latest spear-phishing campaign targeting Ukrainian military administrative staff.

blog.sekoia.io/apt28-operat...
Reposted by Nicolas Caproni
[Threat investigation alert 🚨] Predators for Hire: A Global Overview of Commercial Surveillance Vendors

➡️ blog.sekoia.io/predators-fo...
Reposted by Nicolas Caproni
Sekoia.io @sekoia.io · Jul 21
🔥 Hot summer, sizzling crypto... and scammers turning up the heat 🔥

Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.
Reposted by Nicolas Caproni
You can find the phishing kit sheets on our blog: blog.sekoia.io/global-analy...

And on our Community GitHub: github.com/SEKOIA-IO/Co...
Reposted by Nicolas Caproni
These sheets aim to assist SOC analysts in detecting and investigating #AitM #phishing compromises by offering context, technical details, infrastructure overview, detection opportunities, and more.

All are available in the PDF report and our Community GitHub.
Reposted by Nicolas Caproni
A few weeks ago, we published our global analysis of Adversary-in-the-Middle #phishing threats, providing actionable intelligence on multiple #AitM phishing kits.

This report includes 11 sheets covering the most widespread #AitM phishing kits as of Q1 2025.
Reposted by Nicolas Caproni
Sekoia.io @sekoia.io · Jun 11
📝 Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem.

This report shares actionable intelligence to help analysts detect and investigate AitM phishing.
Reposted by Nicolas Caproni
Sekoia.io @sekoia.io · Apr 23
Our new report describes one of the latest observed infection chains (delivering #AsyncRAT) relying on the #Cloudflare tunnel infrastructure and the attacker’s #TTPs with a principal focus on detection opportunities.

blog.sekoia.io/detecting-mu...
Reposted by Nicolas Caproni
Sekoia.io @sekoia.io · Apr 16
Since the appearance of the #Interlock ransomware, the Sekoia #TDR team has observed its operators evolving, improving their toolset (#LummaStealer and #BerserkStealer), and leveraging new techniques such as #ClickFix to deploy the ransomware payload.

blog.sekoia.io/interlock-ra...
Reposted by Nicolas Caproni
🎉 It's not about a CTI investigation or a Detection Engineering topic, but today we are happy to announce that Sekoia.io has raised €26m!
www.sekoia.io/en/presse/se...
Find me all day at Forum INCYBER Europe (#FIC2025) for Sekoia.io! Come by stand #A17 for a chat!
Reposted by Nicolas Caproni
Sekoia.io @sekoia.io · Mar 31
🇰🇵 Sekoia #TDR team investigated a malicious campaign that employs fake job interview websites to deliver backdoors on Windows and macOS - #GolangGhost using #ClickFix tactic. Dubbed #ClickFake Interview, this campaign has been attributed to #Lazarus APT

blog.sekoia.io/clickfake-in...
Reposted by Nicolas Caproni
Sekoia.io @sekoia.io · Mar 10
The conclusion (part three) of our series on #DetectionEngineering is finally here! buff.ly/dijB0fy
Reposted by Nicolas Caproni
#ClearFake variant is now spreading #Rhadamanthys Stealer via #Emmenhtal Loader.

cc @plebourhis.bsky.social @sekoia.io

1. ClearFake framework is injected on compromised WordPress and relies on EtherHiding

2. The #ClickFix lure uses a fake Cloudflare Turnstile with unusual web traffic

⬇️
Reposted by Nicolas Caproni
Sekoia.io @sekoia.io · Feb 25
Using our #honeypots, we uncovered an unreported #botnet that has been operational since at least the end of November 2023. This #PolarEdge botnet has been focusing on #edge devices, particularly those made by #Cisco, #Asus, #QNAP, and #Synology.

https://buff.ly/4ibOEo8
Reposted by Nicolas Caproni
Sekoia.io @sekoia.io · Feb 24
Cyber threats impacting the financial sector: focus on the main actors

We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.

https://buff.ly/3D3IZl7
Reposted by Nicolas Caproni
🔍 Large-scale detection engineering: part two! 🚀

In this article, we explore an innovative approach that transforms the execution of automated actions via CI/CD pipelines, enabling effective scaling and alignment with developer and DevOps practices.
Detection engineering at scale: one step closer (part two)
Discover the power of detection engineering and how it can help scale your cybersecurity projects efficiently.