Nicolas Caproni
@caproni.fr
Head of Sekoia Threat Detection & Research (TDR) team • Cyber Threat Intelligence • Detection Engineering • SOC Platform 🇫🇷 🇪🇺 • Hip-Hop • Basketball
Reposted by Nicolas Caproni
Histoire et dissection du 𝑚𝑎𝑙𝑤𝑎𝑟𝑒 ou chargeur malveillant 🇷🇺 #Latrodectus par Pierre Le Bourhis @sekoia.io à #UYBHYS25
@uybhys.bsky.social
@uybhys.bsky.social
November 8, 2025 at 3:36 PM
Histoire et dissection du 𝑚𝑎𝑙𝑤𝑎𝑟𝑒 ou chargeur malveillant 🇷🇺 #Latrodectus par Pierre Le Bourhis @sekoia.io à #UYBHYS25
@uybhys.bsky.social
@uybhys.bsky.social
Reposted by Nicolas Caproni
#TDR analysts dig into a modus operandi targeting the hospitality industry and the related cybercrime ecosystem that facilitates #phishing and #fraud campaigns.
blog.sekoia.io/phishing-cam...
blog.sekoia.io/phishing-cam...
November 6, 2025 at 10:27 AM
#TDR analysts dig into a modus operandi targeting the hospitality industry and the related cybercrime ecosystem that facilitates #phishing and #fraud campaigns.
blog.sekoia.io/phishing-cam...
blog.sekoia.io/phishing-cam...
Reposted by Nicolas Caproni
After our initial #PolarEdge #botnet write-up, we’re happy to announce the second part: “Defrosting PolarEdge’s Backdoor,” a full technical deep-dive into its TLS-based implant.
blog.sekoia.io/polaredge-ba...
blog.sekoia.io/polaredge-ba...
October 14, 2025 at 1:35 PM
After our initial #PolarEdge #botnet write-up, we’re happy to announce the second part: “Defrosting PolarEdge’s Backdoor,” a full technical deep-dive into its TLS-based implant.
blog.sekoia.io/polaredge-ba...
blog.sekoia.io/polaredge-ba...
Je recherche un Threat Researcher pour l’équipe TDR de @sekoia.io !
Vous aimez faire des règles #Sigma et #Yara ? Vous adorez pivoter et traquer les infrastructures (C2) d’attaques des cybercriminels ?
Alors cette offre d’emploi est faite pour vous !
www.welcometothejungle.com/en/companies...
Vous aimez faire des règles #Sigma et #Yara ? Vous adorez pivoter et traquer les infrastructures (C2) d’attaques des cybercriminels ?
Alors cette offre d’emploi est faite pour vous !
www.welcometothejungle.com/en/companies...
Technical Threat Researcher – Sekoia.io – Permanent contract – Fully-remote
Sekoia.io is looking for a Technical Threat Researcher!
www.welcometothejungle.com
October 6, 2025 at 5:26 PM
Je recherche un Threat Researcher pour l’équipe TDR de @sekoia.io !
Vous aimez faire des règles #Sigma et #Yara ? Vous adorez pivoter et traquer les infrastructures (C2) d’attaques des cybercriminels ?
Alors cette offre d’emploi est faite pour vous !
www.welcometothejungle.com/en/companies...
Vous aimez faire des règles #Sigma et #Yara ? Vous adorez pivoter et traquer les infrastructures (C2) d’attaques des cybercriminels ?
Alors cette offre d’emploi est faite pour vous !
www.welcometothejungle.com/en/companies...
Reposted by Nicolas Caproni
Key takeaways:
✉️ API exploitation: attackers leverage an exposed /cgi endpoint to push malicious SMS without authentication
🌐 Scale of exposure: over 18,000 routers accessible on the internet; 572 confirmed vulnerable
✉️ API exploitation: attackers leverage an exposed /cgi endpoint to push malicious SMS without authentication
🌐 Scale of exposure: over 18,000 routers accessible on the internet; 572 confirmed vulnerable
October 2, 2025 at 1:56 PM
Key takeaways:
✉️ API exploitation: attackers leverage an exposed /cgi endpoint to push malicious SMS without authentication
🌐 Scale of exposure: over 18,000 routers accessible on the internet; 572 confirmed vulnerable
✉️ API exploitation: attackers leverage an exposed /cgi endpoint to push malicious SMS without authentication
🌐 Scale of exposure: over 18,000 routers accessible on the internet; 572 confirmed vulnerable
Reposted by Nicolas Caproni
📱 Silent Smishing: The Hidden Abuse of Cellular Router APIs
Our latest #CTI investigation from Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale.
blog.sekoia.io/silent-smish...
Our latest #CTI investigation from Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale.
blog.sekoia.io/silent-smish...
October 2, 2025 at 1:56 PM
📱 Silent Smishing: The Hidden Abuse of Cellular Router APIs
Our latest #CTI investigation from Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale.
blog.sekoia.io/silent-smish...
Our latest #CTI investigation from Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale.
blog.sekoia.io/silent-smish...
Reposted by Nicolas Caproni
🐻 #APT28 – Operation Phantom Net Voxel: deep-dive into the latest spear-phishing campaign targeting Ukrainian military administrative staff.
blog.sekoia.io/apt28-operat...
blog.sekoia.io/apt28-operat...
September 16, 2025 at 12:59 PM
🐻 #APT28 – Operation Phantom Net Voxel: deep-dive into the latest spear-phishing campaign targeting Ukrainian military administrative staff.
blog.sekoia.io/apt28-operat...
blog.sekoia.io/apt28-operat...
Reposted by Nicolas Caproni
[Threat investigation alert 🚨] Predators for Hire: A Global Overview of Commercial Surveillance Vendors
➡️ blog.sekoia.io/predators-fo...
➡️ blog.sekoia.io/predators-fo...
September 2, 2025 at 9:55 AM
[Threat investigation alert 🚨] Predators for Hire: A Global Overview of Commercial Surveillance Vendors
➡️ blog.sekoia.io/predators-fo...
➡️ blog.sekoia.io/predators-fo...
Reposted by Nicolas Caproni
🔥 Hot summer, sizzling crypto... and scammers turning up the heat 🔥
Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.
Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.
July 21, 2025 at 2:40 PM
🔥 Hot summer, sizzling crypto... and scammers turning up the heat 🔥
Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.
Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.
Reposted by Nicolas Caproni
You can find the phishing kit sheets on our blog: blog.sekoia.io/global-analy...
And on our Community GitHub: github.com/SEKOIA-IO/Co...
And on our Community GitHub: github.com/SEKOIA-IO/Co...
July 8, 2025 at 7:53 AM
You can find the phishing kit sheets on our blog: blog.sekoia.io/global-analy...
And on our Community GitHub: github.com/SEKOIA-IO/Co...
And on our Community GitHub: github.com/SEKOIA-IO/Co...
Reposted by Nicolas Caproni
Reposted by Nicolas Caproni
Reposted by Nicolas Caproni
Reposted by Nicolas Caproni
🧀 The Sharp Taste of #Mimo’lette: Analyzing Mimo’s Latest Campaign targeting #Craft CMS
blog.sekoia.io/the-sharp-ta...
blog.sekoia.io/the-sharp-ta...
The Sharp Taste of Mimo'lette: Analyzing Mimo’s Latest Campaign targeting Craft CMS
Analysis of the CVE-2025-32432 compromise chain by Mimo: exploitation, loader, crypto miner, proxyware, and detection opportunities.
blog.sekoia.io
May 27, 2025 at 1:16 PM
🧀 The Sharp Taste of #Mimo’lette: Analyzing Mimo’s Latest Campaign targeting #Craft CMS
blog.sekoia.io/the-sharp-ta...
blog.sekoia.io/the-sharp-ta...
Reposted by Nicolas Caproni
🪤 Sekoia #TDR's new exclusive research uncovers the #ViciousTrap, a honeypot network deployed on compromised edge devices.
blog.sekoia.io/vicioustrap-...
blog.sekoia.io/vicioustrap-...
ViciousTrap - Infiltrate, Control, Lure: Turning edge devices into honeypots en masse.
Discover ViciousTrap, a newly identified threat who turning edge devices into honeypots en masse targeting
blog.sekoia.io
May 22, 2025 at 2:17 PM
🪤 Sekoia #TDR's new exclusive research uncovers the #ViciousTrap, a honeypot network deployed on compromised edge devices.
blog.sekoia.io/vicioustrap-...
blog.sekoia.io/vicioustrap-...
Reposted by Nicolas Caproni
Our new report describes one of the latest observed infection chains (delivering #AsyncRAT) relying on the #Cloudflare tunnel infrastructure and the attacker’s #TTPs with a principal focus on detection opportunities.
blog.sekoia.io/detecting-mu...
blog.sekoia.io/detecting-mu...
April 23, 2025 at 8:33 AM
Our new report describes one of the latest observed infection chains (delivering #AsyncRAT) relying on the #Cloudflare tunnel infrastructure and the attacker’s #TTPs with a principal focus on detection opportunities.
blog.sekoia.io/detecting-mu...
blog.sekoia.io/detecting-mu...
Reposted by Nicolas Caproni
Since the apparition of the #Interlock ransomware, the Sekoia #TDR team observed its operators evolving, improving their toolset (#LummaStealer and #BerserkStealer), and leveraging new techniques such as #ClickFix to deploy the ransomware payload.
blog.sekoia.io/interlock-ra...
blog.sekoia.io/interlock-ra...
April 16, 2025 at 9:13 AM
Since the apparition of the #Interlock ransomware, the Sekoia #TDR team observed its operators evolving, improving their toolset (#LummaStealer and #BerserkStealer), and leveraging new techniques such as #ClickFix to deploy the ransomware payload.
blog.sekoia.io/interlock-ra...
blog.sekoia.io/interlock-ra...
Reposted by Nicolas Caproni
🎉 It's not about a CTI investigation or a Detection Engineering topic, but today we are happy to announce that Sekoia.io has raised €26m!
www.sekoia.io/en/presse/se...
www.sekoia.io/en/presse/se...
April 9, 2025 at 1:16 PM
🎉 It's not about a CTI investigation or a Detection Engineering topic, but today we are happy to announce that Sekoia.io has raised €26m!
www.sekoia.io/en/presse/se...
www.sekoia.io/en/presse/se...
Reposted by Nicolas Caproni
🇰🇵 Sekoia #TDR team investigated a malicious campaign that employs fake job interview websites to deliver backdoors on Windows and macOS - #GolangGhost using #ClickFix tactic. Dubbed #ClickFake Interview, this campaign has been attributed to #Lazarus APT
blog.sekoia.io/clickfake-in...
blog.sekoia.io/clickfake-in...
March 31, 2025 at 9:27 AM
🇰🇵 Sekoia #TDR team investigated a malicious campaign that employs fake job interview websites to deliver backdoors on Windows and macOS - #GolangGhost using #ClickFix tactic. Dubbed #ClickFake Interview, this campaign has been attributed to #Lazarus APT
blog.sekoia.io/clickfake-in...
blog.sekoia.io/clickfake-in...
Reposted by Nicolas Caproni
The conclusion (part three) of our series on #DetectionEngineering is finally here! buff.ly/dijB0fy
March 10, 2025 at 4:48 PM
The conclusion (part three) of our series on #DetectionEngineering is finally here! buff.ly/dijB0fy
Reposted by Nicolas Caproni
#ClearFake variant is now spreading #Rhadamanthys Stealer via #Emmenhtal Loader.
cc @plebourhis.bsky.social @sekoia.io
1. ClearFake framework is injected on compromised WordPress and relies on EtherHiding
2. The #ClickFix lure uses a fake Cloudflare Turnstile with unusual web traffic
⬇️
cc @plebourhis.bsky.social @sekoia.io
1. ClearFake framework is injected on compromised WordPress and relies on EtherHiding
2. The #ClickFix lure uses a fake Cloudflare Turnstile with unusual web traffic
⬇️
March 6, 2025 at 10:50 AM
#ClearFake variant is now spreading #Rhadamanthys Stealer via #Emmenhtal Loader.
cc @plebourhis.bsky.social @sekoia.io
1. ClearFake framework is injected on compromised WordPress and relies on EtherHiding
2. The #ClickFix lure uses a fake Cloudflare Turnstile with unusual web traffic
⬇️
cc @plebourhis.bsky.social @sekoia.io
1. ClearFake framework is injected on compromised WordPress and relies on EtherHiding
2. The #ClickFix lure uses a fake Cloudflare Turnstile with unusual web traffic
⬇️
Reposted by Nicolas Caproni
Using our #honeypots, we uncovered an unreported #botnet that has been operational since at least the end of November 2023. This #PolarEdge botnet has been focusing on #edge devices, particularly those made by #Cisco, #Asus, #QNAP, and #Synology.
https://buff.ly/4ibOEo8
https://buff.ly/4ibOEo8
February 25, 2025 at 1:22 PM
Using our #honeypots, we uncovered an unreported #botnet that has been operational since at least the end of November 2023. This #PolarEdge botnet has been focusing on #edge devices, particularly those made by #Cisco, #Asus, #QNAP, and #Synology.
https://buff.ly/4ibOEo8
https://buff.ly/4ibOEo8
Reposted by Nicolas Caproni
Cyber threats impacting the financial sector: focus on the main actors
We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.
https://buff.ly/3D3IZl7
We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.
https://buff.ly/3D3IZl7
February 24, 2025 at 9:27 AM
Cyber threats impacting the financial sector: focus on the main actors
We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.
https://buff.ly/3D3IZl7
We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.
https://buff.ly/3D3IZl7