
François Deruty

@derutyf

threat intelligence at https://www.sekoia.io / former head of cert-fr https://blog.sekoia.io

303 Followers · 104 Following · 37 Posts · Joined 22.10.2023

Latest posts by François Deruty @derutyf

OysterLoader Unmasked: The Multi-Stage Evasion Loader
Unmasking OysterLoader's evasion: from API hammering to custom LZMA. Explore the 4-stage infection chain and its ties to Rhysida ransomware.

OysterLoader ⤵️

blog.sekoia.io/oysterloader...

20.02.2026 09:30 👍 0 🔁 0 💬 0 📌 0
Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tactic
Uncover IClickFix: a malicious framework exploiting the ClickFix tactic in widespread malware campaigns to deliver NetSupport RAT.

IClickfix ⤵️

blog.sekoia.io/meet-iclickf...

29.01.2026 13:49 👍 0 🔁 0 💬 0 📌 0
Leveraging Landlock telemetry for Linux detection engineering
This blog post explores how Landlock is both an interesting security mechanism and a valuable source of telemetry for detection engineering.

Leveraging Landlock telemetry for Linux detection engineering ⤵️

blog.sekoia.io/leveraging-l...

14.01.2026 08:58 👍 0 🔁 0 💬 0 📌 0
Phishing Campaigns "I Paid Twice" Targeting Booking.com Hotels and Customers
Sekoia.io exposes a Booking.com phishing campaign targeting hotels and customers using ClickFix and PureRAT malware.

"I paid twice" ⤵️

blog.sekoia.io/phishing-cam...

07.11.2025 09:01 👍 0 🔁 0 💬 0 📌 0
TransparentTribe targets Indian military organisations with DeskRAT
TransparentTribe targets Indian military entities using DeskRAT, a Golang-based remote access Trojan. Learn how this new campaign works.

TransparentTribe⤵️

blog.sekoia.io/transparentt...

28.10.2025 12:42 👍 1 🔁 0 💬 0 📌 0
APT28 Operation Phantom Net Voxel
APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.

APT28⤵️

blog.sekoia.io/apt28-operat...

16.09.2025 06:35 👍 2 🔁 1 💬 0 📌 0
Predators for Hire: A Global Overview of Commercial Surveillance Vendors
Explore the 2025 landscape of Adversary-in-the-Middle phishing threats with data, trends, and top detection insights.

Predators for hire ⤵️

blog.sekoia.io/predators-fo...

04.09.2025 07:13 👍 2 🔁 0 💬 0 📌 0
Exploiting Vulnerabilities Using AI at Machine Speed, the Alarming Number of Unpatched Devices, and Anticipating How Adversaries Think
Sekoia.io on collaborating with Europol, dynamic behavior modelling for Gen AI threats, and pooling CTI from various sources

TechNadu interviewed François Deruty (@derutyf.bsky.social), Chief Intelligence Officer of @sekoia.io, to get answers about innovations observed in cybercrime operations, challenges faced by CIOs, and adjustments to intelligence programs.

Read the interview⤵️

#AI #Cybersecurity #GenerativeAI #CTI

23.06.2025 05:22 👍 2 🔁 1 💬 0 📌 0

📝 Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem.

This report shares actionable intelligence to help analysts detect and investigate AitM phishing.

11.06.2025 08:32 👍 10 🔁 7 💬 1 📌 0
ViciousTrap - Infiltrate, Control, Lure: Turning edge devices into honeypots en masse.
Discover ViciousTrap, a newly identified threat that is turning edge devices into honeypots en masse, targeting

Vicious trapèze ⤵️

blog.sekoia.io/vicioustrap-...

24.05.2025 08:56 👍 2 🔁 0 💬 0 📌 0
Interlock ransomware evolving under the radar
ClickFix ransomware attack uses deceptive prompts and PowerShell loaders to deploy threats like Interlock under the radar.

Interlock⤵️

blog.sekoia.io/interlock-ra...

16.04.2025 08:37 👍 0 🔁 0 💬 0 📌 0
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.

Clickfake ⤵️

blog.sekoia.io/clickfake-in...

05.04.2025 09:12 👍 0 🔁 0 💬 0 📌 0
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
ClearFake spreads malware via compromised websites, using fake CAPTCHAs, JavaScript injections, and drive-by downloads.

Clearfake ⤵️

blog.sekoia.io/clearfakes-n...

18.03.2025 10:55 👍 0 🔁 0 💬 0 📌 0
PolarEdge: Unveiling an uncovered ORB network
Discover PolarEdge, a newly identified botnet targeting edge devices via CVE-2023-20118, using a stealthy TLS backdoor.

PolarEdge ⤵️

blog.sekoia.io/polaredge-un...

25.02.2025 13:34 👍 1 🔁 0 💬 0 📌 0

Cyber threats impacting the financial sector: focus on the main actors

We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.

https://buff.ly/3D3IZl7

24.02.2025 09:27 👍 5 🔁 2 💬 0 📌 1
Cyber threats impacting the financial sector in 2024 - focus on the main actors
Delve into finance-related cyber threats in 2024. Our report highlights major actors and tactics impacting the financial sector.

Cyber threats against financial sector⤵️

blog.sekoia.io/cyber-threat...

20.02.2025 09:28 👍 0 🔁 0 💬 0 📌 0
RATatouille: Cooking Up Chaos in the I2P Kitchen
Discover the challenges of ClickFix12 and the newly identified I2PRAT. Uncover the advanced techniques employed by this multi-stage RAT.

New paper⤵️

blog.sekoia.io/ratatouille-...

11.02.2025 13:58 👍 3 🔁 1 💬 0 📌 0
Detection engineering at scale: one step closer (part two)
Discover the power of detection engineering and how it can help scale your cybersecurity projects efficiently.

Detection part two⤵️

blog.sekoia.io/detection-en...

04.02.2025 11:19 👍 0 🔁 0 💬 0 📌 0
Sr Technical Threat Researcher - Sekoia.io - Permanent contract - Fully remote
Sekoia.io is recruiting a Sr Technical Threat Researcher!

🚨To strengthen the #investigation and #detection capabilities of the Sekoia.io Threat Detection & Research (TDR) team, we are looking for a Senior Technical Threat Researcher!

www.welcometothejungle.com/fr/companies...

#CTI #DetectionEngineering

29.01.2025 13:59 👍 5 🔁 4 💬 0 📌 0
Sr Technical Threat Researcher - Sekoia.io - Permanent contract - Fully remote
Sekoia.io is recruiting a Sr Technical Threat Researcher!

If you are passionate about cyber threat intelligence, this offer is for you! ⤵️

www.welcometothejungle.com/fr/companies...

29.01.2025 10:14 👍 3 🔁 0 💬 0 📌 0
Targeted supply chain attack against Chrome browser extensions
In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.

New campaign ⤵️

blog.sekoia.io/targeted-sup...

23.01.2025 09:12 👍 3 🔁 2 💬 0 📌 0

Around 1,000 malicious domains are hosting webpages impersonating Reddit and WeTransfer, redirecting users to download password-protected archives

These archives contain an AutoIT dropper, we internally named #SelfAU3 Dropper at @sekoia.io, which executes #Lumma Stealer

IoCs ⬇️

20.01.2025 18:13 👍 9 🔁 6 💬 2 📌 0
Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service
In this blog post, learn about Sneaky 2FA, a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts.

New AiTM phishing as a service ⤵️

blog.sekoia.io/sneaky-2fa-e...

16.01.2025 10:44 👍 0 🔁 0 💬 0 📌 0
FBI deletes Chinese PlugX malware from thousands of US computers
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States.

FBI deletes Chinese PlugX malware from thousands of US computers

15.01.2025 09:09 👍 3 🔁 2 💬 0 📌 0
DOJ deletes China-linked PlugX malware off more than 4,200 US computers
U.S. law enforcement accused the People’s Republic of China of paying hackers that are part of a well-known group called Mustang Panda to deploy the PlugX malware — which allows them to “infect, contro...

The DOJ worked with French authorities and Sekoia.io to remove PlugX malware from thousands of devices around the world

therecord.media/doj-deletes-...

14.01.2025 20:08 👍 16 🔁 9 💬 0 📌 1
Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers
The Justice Department and FBI today announced a multi-month law enforcement operation that, alongside international partners, deleted “PlugX” malware from thousands of infected computers worldwide. A...

International cooperation, proud of TDR team from @sekoia.io ⤵️

www.justice.gov/opa/pr/justi...

14.01.2025 18:33 👍 17 🔁 3 💬 2 📌 1

🇷🇺 #DoubleTap Campaign: #Russia-nexus APT possibly related to #APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations

https://buff.ly/3WEwPG7

13.01.2025 10:53 👍 8 🔁 6 💬 1 📌 0
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
Uncover the details of the UAC-0063 cyberespionage campaign in Kazakhstan and its potential connection to APT28

Double-tap campaign ⤵️

blog.sekoia.io/double-tap-c...

13.01.2025 08:28 👍 2 🔁 0 💬 0 📌 0
PlugX worm disinfection campaign feedbacks
Discover how we successfully disinfected thousands of computers infected with the PlugX worm using two remote disinfection methods.

Feedback on a botnet disinfection campaign ⤵️

blog.sekoia.io/plugx-worm-d...

09.01.2025 10:56 👍 2 🔁 0 💬 0 📌 0
Happy YARA Christmas!
Discover daily YARA usage at Sekoia.io TDR. Learn how YARA rules identify threats and aid in investigations and DFIR engagements.

Happy YARA Xmas! ⤵️

blog.sekoia.io/happy-yara-c...

19.12.2024 09:01 👍 10 🔁 3 💬 0 📌 3