François Deruty
LightNews LightNews
banner
derutyf.bsky.social
François Deruty
@derutyf.bsky.social
300 followers 100 following 33 posts
threat intelligence at https://www.sekoia.io / former head of cert-fr https://blog.sekoia.io
www.sekoia.io
Posts Media Videos Starter Packs
derutyf.bsky.social
François Deruty @derutyf.bsky.social · 9d
TransparentTribe⤵️

blog.sekoia.io/transparentt...
TransparentTribe targets Indian military organisations with DeskRAT
TransparentTribe targets Indian military entities using DeskRAT, a Golang-based remote access Trojan. Learn how this new campaign works.
blog.sekoia.io
1
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Sep 16
APT28⤵️

blog.sekoia.io/apt28-operat...
APT28 Operation Phantom Net Voxel
APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.
blog.sekoia.io
1 2
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Sep 4
Predators for hire ⤵️

blog.sekoia.io/predators-fo...
Predators for Hire: A Global Overview of Commercial Surveillance Vendors
Explore the 2025 landscape of Adversary-in-the-Middle phishing threats with data, trends, and top detection insights.
blog.sekoia.io
2
Reposted by François Deruty
technadu.com
TechNadu @technadu.com · Jun 23
TechNadu interviewed François Deruty (@derutyf.bsky.social), Chief Intelligence Officer of @sekoia.io, to get answers about innovations observed in cybercrime operations, challenges faced by CIOs, and adjustments to intelligence programs.

Read the interview⤵️

#AI #Cybersecurity #GenerativeAI #CTI
Exploiting Vulnerabilities Using AI at Machine Speed, the Alarming Number of Unpatched Devices, and Anticipating How Adversaries Think
Sekoia.io on collaborating with Europol, dynamic behavior modelling for Gen AI threats, and pooling CTI from various sources
www.technadu.com
1 2
Reposted by François Deruty
sekoia.io
Sekoia.io @sekoia.io · Jun 11
📝 Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem.

This report shares actionable intelligence to help analysts detect and investigate AitM phishing.
1 7 10
derutyf.bsky.social
François Deruty @derutyf.bsky.social · May 24
Vicious trapèze ⤵️

blog.sekoia.io/vicioustrap-...
ViciousTrap - Infiltrate, Control, Lure: Turning edge devices into honeypots en masse.
Discover ViciousTrap, a newly identified threat who turning edge devices into honeypots en masse targeting
blog.sekoia.io
2
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Apr 16
Interlock⤵️

blog.sekoia.io/interlock-ra...
Interlock ransomware evolving under the radar
ClickFix ransomware attack uses deceptive prompts and PowerShell loaders to deploy threats like Interlock under the radar.
blog.sekoia.io
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Apr 5
Clickfake ⤵️

blog.sekoia.io/clickfake-in...
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.
blog.sekoia.io
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Mar 18
Clearfake ⤵️

blog.sekoia.io/clearfakes-n...
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
ClearFake spreads malware via compromised websites, using fake CAPTCHAs, JavaScript injections, and drive-by downloads.
blog.sekoia.io
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Feb 25
PolarEdge ⤵️

blog.sekoia.io/polaredge-un...
PolarEdge: Unveiling an uncovered ORB network
Discover PolarEdge, a newly identified botnet targeting edge devices via CVE-2023-20118, using a stealthy TLS backdoor.
blog.sekoia.io
1
Reposted by François Deruty
sekoia.io
Sekoia.io @sekoia.io · Feb 24
Cyber threats impacting the financial sector: focus on the main actors

We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.

https://buff.ly/3D3IZl7
2 5
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Feb 20
Cyber threats against financial sector⤵️

blog.sekoia.io/cyber-threat...
Cyber threats impacting the financial sector in 2024 - focus on the main actors
Delve into Finance-related cyber threats in 2024. Our report highlights major actors and tactics impacting the financial sector.
blog.sekoia.io
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Feb 11
New paper⤵️

blog.sekoia.io/ratatouille-...
RATatouille: Cooking Up Chaos in the I2P Kitchen
Discover the challenges of ClickFix12 and the newly identified I2PRAT. Uncover the advanced techniques employed by this multi-stage RAT.
blog.sekoia.io
1 3
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Feb 4
Detection part two⤵️

blog.sekoia.io/detection-en...
Detection engineering at scale: one step closer (part two)
Discover the power of detection engineering and how it can help scale your cybersecurity projects efficiently.
blog.sekoia.io
Reposted by François Deruty
caproni.fr
Nicolas Caproni @caproni.fr · Jan 29
🚨To strengthen the #investigation and #detection capabilities of the Sekoia.io Threat Detection & Research (TDR) team, we are looking for a Senior Technical Threat Researcher!

www.welcometothejungle.com/fr/companies...

#CTI #DetectionEngineering
Sr Technical Threat Researcher - Sekoia.io - CDI - Télétravail total
Sekoia.io recrute un(e) Sr Technical Threat Researcher !
www.welcometothejungle.com
4 5
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Jan 29
If you are passionate about cyber threat intelligence, this offer is for you! ⤵️

www.welcometothejungle.com/fr/companies...
Sr Technical Threat Researcher - Sekoia.io - CDI - Télétravail total
Sekoia.io recrute un(e) Sr Technical Threat Researcher !
www.welcometothejungle.com
3
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Jan 23
New campaign ⤵️

blog.sekoia.io/targeted-sup...
Targeted supply chain attack against Chrome browser extensions
In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.
blog.sekoia.io
2 3
Reposted by François Deruty
crep1x.bsky.social
crep1x @crep1x.bsky.social · Jan 20
Around 1,000 malicious domains are hosting webpages impersonating Reddit and WeTransfer, redirecting users to download password-protected archives

These archives contain an AutoIT dropper, we internally named #SelfAU3 Dropper at @sekoia.io, which executes #Lumma Stealer

IoCs ⬇️
2 6 9
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Jan 16
New AiTM phishing as a service ⤵️

blog.sekoia.io/sneaky-2fa-e...
Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service
In this blog post, learn about Sneaky 2FA, a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts.
blog.sekoia.io
Reposted by François Deruty
infosec.skyfleet.blue
InfoSec @infosec.skyfleet.blue · Jan 15
FBI deletes Chinese PlugX malware from thousands of US computers
FBI deletes Chinese PlugX malware from thousands of US computers
​The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States.
www.bleepingcomputer.com
2 3
Reposted by François Deruty
jgreig.bsky.social
jon greig @jgreig.bsky.social · Jan 14
The DOJ worked with French authorities and Sekoia.io to remove PlugX malware from thousands of devices around the world

therecord.media/doj-deletes-...
DOJ deletes China-linked PlugX malware off more than 4,200 US computers
U.S law enforcement accused the People’s Republic of China of paying hackers that are part of a well-known group called Mustang Panda to deploy the PlugX malware — which allows them to “infect, contro...
therecord.media
9 16
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Jan 14
International cooperation, proud of TDR team from @sekoia.io ⤵️

www.justice.gov/opa/pr/justi...
Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers
The Justice Department and FBI today announced a multi-month law enforcement operation that, alongside international partners, deleted “PlugX” malware from thousands of infected computers worldwide. A...
www.justice.gov
2 3 17
Reposted by François Deruty
sekoia.io
Sekoia.io @sekoia.io · Jan 13
🇷🇺 #DoubleTap Campaign: #Russia-nexus APT possibly related to #APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations

https://buff.ly/3WEwPG7
1 6 8
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Jan 13
Double-tap campaign ⤵️

blog.sekoia.io/double-tap-c...
Double-Tap Campaign : Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
Uncover the details of UAC-0063 cyberespionage campaign in Kazakhstan and its potential connection to APT28
blog.sekoia.io
2
derutyf.bsky.social
François Deruty @derutyf.bsky.social · Jan 9
Feedbacks on a botnet disinfection campaign ⤵️

blog.sekoia.io/plugx-worm-d...
PlugX worm disinfection campaign feedbacks
Discover how we successfully disinfected thousands of computers infected with the PlugX worm using two remote disinfection methods.
blog.sekoia.io
2