François Deruty
LightNews LightNews
banner
derutyf.bsky.social
François Deruty
@derutyf.bsky.social
300 followers 100 following 34 posts
threat intelligence at https://www.sekoia.io / former head of cert-fr

https://blog.sekoia.io
Posts Replies Media Videos
derutyf.bsky.social
"I paid twice" ⤵️

blog.sekoia.io/phishing-cam...
Phishing Campaigns "I Paid Twice" Targeting Booking.com Hotels and Customers
Sekoia.io exposes a Booking.com phishing campaign targeting hotels and customers using ClickFix and PureRAT malware.
blog.sekoia.io
November 7, 2025 at 9:01 AM
derutyf.bsky.social
TransparentTribe⤵️

blog.sekoia.io/transparentt...
TransparentTribe targets Indian military organisations with DeskRAT
TransparentTribe targets Indian military entities using DeskRAT, a Golang-based remote access Trojan. Learn how this new campaign works.
blog.sekoia.io
October 28, 2025 at 12:42 PM
derutyf.bsky.social
APT28⤵️

blog.sekoia.io/apt28-operat...
APT28 Operation Phantom Net Voxel
APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.
blog.sekoia.io
September 16, 2025 at 6:35 AM
derutyf.bsky.social
Predators for hire ⤵️

blog.sekoia.io/predators-fo...
Predators for Hire: A Global Overview of Commercial Surveillance Vendors
Explore the 2025 landscape of Adversary-in-the-Middle phishing threats with data, trends, and top detection insights.
blog.sekoia.io
September 4, 2025 at 7:13 AM
Reposted by François Deruty
technadu.com
TechNadu interviewed François Deruty (@derutyf.bsky.social), Chief Intelligence Officer of @sekoia.io, to get answers about innovations observed in cybercrime operations, challenges faced by CIOs, and adjustments to intelligence programs.

Read the interview⤵️

#AI #Cybersecurity #GenerativeAI #CTI
Exploiting Vulnerabilities Using AI at Machine Speed, the Alarming Number of Unpatched Devices, and Anticipating How Adversaries Think
Sekoia.io on collaborating with Europol, dynamic behavior modelling for Gen AI threats, and pooling CTI from various sources
www.technadu.com
June 23, 2025 at 5:23 AM
Reposted by François Deruty
sekoia.io
📝 Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem.

This report shares actionable intelligence to help analysts detect and investigate AitM phishing.
June 11, 2025 at 8:32 AM
derutyf.bsky.social
Vicious trapèze ⤵️

blog.sekoia.io/vicioustrap-...
ViciousTrap - Infiltrate, Control, Lure: Turning edge devices into honeypots en masse.
Discover ViciousTrap, a newly identified threat who turning edge devices into honeypots en masse targeting
blog.sekoia.io
May 24, 2025 at 8:56 AM
derutyf.bsky.social
Interlock⤵️

blog.sekoia.io/interlock-ra...
Interlock ransomware evolving under the radar
ClickFix ransomware attack uses deceptive prompts and PowerShell loaders to deploy threats like Interlock under the radar.
blog.sekoia.io
April 16, 2025 at 8:37 AM
derutyf.bsky.social
Clickfake ⤵️

blog.sekoia.io/clickfake-in...
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.
blog.sekoia.io
April 5, 2025 at 9:12 AM
derutyf.bsky.social
Clearfake ⤵️

blog.sekoia.io/clearfakes-n...
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
ClearFake spreads malware via compromised websites, using fake CAPTCHAs, JavaScript injections, and drive-by downloads.
blog.sekoia.io
March 18, 2025 at 10:55 AM
derutyf.bsky.social
PolarEdge ⤵️

blog.sekoia.io/polaredge-un...
PolarEdge: Unveiling an uncovered ORB network
Discover PolarEdge, a newly identified botnet targeting edge devices via CVE-2023-20118, using a stealthy TLS backdoor.
blog.sekoia.io
February 25, 2025 at 1:34 PM
Reposted by François Deruty
sekoia.io
Cyber threats impacting the financial sector: focus on the main actors

We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.

https://buff.ly/3D3IZl7
February 24, 2025 at 9:27 AM
derutyf.bsky.social
Cyber threats against financial sector⤵️

blog.sekoia.io/cyber-threat...
Cyber threats impacting the financial sector in 2024 - focus on the main actors
Delve into Finance-related cyber threats in 2024. Our report highlights major actors and tactics impacting the financial sector.
blog.sekoia.io
February 20, 2025 at 9:28 AM
derutyf.bsky.social
New paper⤵️

blog.sekoia.io/ratatouille-...
RATatouille: Cooking Up Chaos in the I2P Kitchen
Discover the challenges of ClickFix12 and the newly identified I2PRAT. Uncover the advanced techniques employed by this multi-stage RAT.
blog.sekoia.io
February 11, 2025 at 1:58 PM
derutyf.bsky.social
Detection part two⤵️

blog.sekoia.io/detection-en...
Detection engineering at scale: one step closer (part two)
Discover the power of detection engineering and how it can help scale your cybersecurity projects efficiently.
blog.sekoia.io
February 4, 2025 at 11:19 AM
Reposted by François Deruty
caproni.fr
🚨To strengthen the #investigation and #detection capabilities of the Sekoia.io Threat Detection & Research (TDR) team, we are looking for a Senior Technical Threat Researcher!

www.welcometothejungle.com/fr/companies...

#CTI #DetectionEngineering
Sr Technical Threat Researcher - Sekoia.io - CDI - Télétravail total
Sekoia.io recrute un(e) Sr Technical Threat Researcher !
www.welcometothejungle.com
January 29, 2025 at 1:59 PM
derutyf.bsky.social
If you are passionate about cyber threat intelligence, this offer is for you! ⤵️

www.welcometothejungle.com/fr/companies...
Sr Technical Threat Researcher - Sekoia.io - CDI - Télétravail total
Sekoia.io recrute un(e) Sr Technical Threat Researcher !
www.welcometothejungle.com
January 29, 2025 at 10:14 AM
derutyf.bsky.social
New campaign ⤵️

blog.sekoia.io/targeted-sup...
Targeted supply chain attack against Chrome browser extensions
In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.
blog.sekoia.io
January 23, 2025 at 9:12 AM
Reposted by François Deruty
crep1x.bsky.social
Around 1,000 malicious domains are hosting webpages impersonating Reddit and WeTransfer, redirecting users to download password-protected archives

These archives contain an AutoIT dropper, we internally named #SelfAU3 Dropper at @sekoia.io, which executes #Lumma Stealer

IoCs ⬇️
January 20, 2025 at 6:13 PM
derutyf.bsky.social
New AiTM phishing as a service ⤵️

blog.sekoia.io/sneaky-2fa-e...
Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service
In this blog post, learn about Sneaky 2FA, a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts.
blog.sekoia.io
January 16, 2025 at 10:44 AM
Reposted by François Deruty
infosec.skyfleet.blue
FBI deletes Chinese PlugX malware from thousands of US computers
FBI deletes Chinese PlugX malware from thousands of US computers
​The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States.
www.bleepingcomputer.com
January 15, 2025 at 9:09 AM
Reposted by François Deruty
jgreig.bsky.social
The DOJ worked with French authorities and Sekoia.io to remove PlugX malware from thousands of devices around the world

therecord.media/doj-deletes-...
DOJ deletes China-linked PlugX malware off more than 4,200 US computers
U.S law enforcement accused the People’s Republic of China of paying hackers that are part of a well-known group called Mustang Panda to deploy the PlugX malware — which allows them to “infect, contro...
therecord.media
January 14, 2025 at 8:08 PM
derutyf.bsky.social
International cooperation, proud of TDR team from @sekoia.io ⤵️

www.justice.gov/opa/pr/justi...
Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers
The Justice Department and FBI today announced a multi-month law enforcement operation that, alongside international partners, deleted “PlugX” malware from thousands of infected computers worldwide. A...
www.justice.gov
January 14, 2025 at 6:33 PM
Reposted by François Deruty
sekoia.io
🇷🇺 #DoubleTap Campaign: #Russia-nexus APT possibly related to #APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations

https://buff.ly/3WEwPG7
January 13, 2025 at 10:53 AM
derutyf.bsky.social
Double-tap campaign ⤵️

blog.sekoia.io/double-tap-c...
Double-Tap Campaign : Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
Uncover the details of UAC-0063 cyberespionage campaign in Kazakhstan and its potential connection to APT28
blog.sekoia.io
January 13, 2025 at 8:28 AM