François Deruty

🌐Recently, @sekoia_io joined MC for a session on #Cybersecurity trends & emerging threats. Represented by @DerutyF & Livia Tibirna, the team shared insights on today’s global #threat landscape and best practices. Proud to see their #impact worldwide - congrats!🙌

After our initial #PolarEdge #botnet write-up, we’re happy to announce the second part: “Defrosting PolarEdge’s Backdoor,” a full technical deep-dive into its TLS-based implant. blog.sekoia.io/polaredge-back…

Our latest technical deep-dive unravels the mystery behind the opaque numeric codes (16, 272, 33554432, etc.) you see in #Microsoft365 audit logs. buff.ly/w04flj1

Discover how #TransparentTribe (#APT36) uses a disguised DESKTOP dropper to deploy #DeskRAT, a Golang RAT, on BOSS Linux endpoints in India. Our Sekoia #TDR report breaks down the full infection chain and stealthy WebSocket C2 communications Read more 👉 blog.sekoia.io/transparenttri…

#TDR analysts dig into a modus operandi targeting the hospitality industry and the related cybercrime ecosystem that facilitates #phishing and #fraud campaigns. blog.sekoia.io/phishing-campa…

[Threat investigation alert 🚨] Predators for Hire: A Global Overview of Commercial Surveillance Vendors ➡️ blog.sekoia.io/predators-for-…

🔥 Hot summer, sizzling crypto... and scammers turning up the heat 🔥 Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.

🚨 Operation Eastwood targets pro-Russian cybercrime network NoName057(16) and shuts down over one hundred criminal servers in global operation. Read more in our press release ⤵️ europol.europa.eu/media-press/ne…

A few weeks ago, we published our global analysis of Adversary-in-the-Middle #phishing threats, providing actionable intelligence on multiple #AitM phishing kits. This report includes 11 sheets covering the most widespread #AitM phishing kits as of Q1 2025.

TechNadu interviewed François Deruty(@DerutyF), Chief Intelligence Officer of @sekoia_io, to get answers about innovations observed in cybercrime operations, challenges faced by CIOs, and adjustments to intelligence programs. Deruty spoke about organizations tailoring red-team scenarios to the precise threats they face. He emphasized how Generative AI–powered deepfakes and hyper-realistic phishing lures force CTI teams towards dynamic behavior modeling. This interview discusses the following and more: 🟣Cybersecurity isn’t just tech; it’s about understanding geopolitical risks 🟣Generative AI playing a pivotal role in Security Operation Centers 🟣Thwarting real-world threats beyond borders with a collaborative effort 🔗Read the interview: technadu.com/exploiting-vul… 🔔 👉 Follow @TechNadu for more Expert Insights and share your views in the comments below. #Sekoia #TechNadu #Interviews #AI #Cybersecurity #GenerativeAI #SocialEngineering #CyberThreats #CyberResilience #CTI

We are excited to share our latest blogpost on AitM phishing threats - covering common TTPs, the PhaaS ecosystem, the most widespread kits, and multiple detection opportunities! x.com/sekoia_io/stat… w/ @gregclermont

📝 Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem. This report shares actionable intelligence to help analysts detect and investigate AitM phishing.

Jeremy Scion, Pierre Le Bourhis & Sekoia TDR present an analysis of the compromise chain initiated by the exploitation of CVE-2025-32432. The exploitation occurred in a CMS honeypot and led to a loader, a crypto miner, and a residential proxyware. blog.sekoia.io/the-sharp-tast…

🧀 The Sharp Taste of #Mimo’lette: Analyzing Mimo’s Latest Campaign targeting #Craft CMS buff.ly/hv4EWLp

Excited to see this paper finally published! Meet #ViciousTrap, a threat actor compromising and turning edge devices into honeypots! blog.sekoia.io/vicioustrap-in…

Our new report describes one of the latest observed infection chains (delivering #AsyncRAT) relying on the #Cloudflare tunnel infrastructure and the attacker’s #TTPs with a principal focus on detection opportunities. blog.sekoia.io/detecting-mult…

Since the apparition of the #Interlock ransomware, the Sekoia #TDR team observed its operators evolving, improving their toolset (#LummaStealer #BerserkStealer), and leveraging new techniques such as #ClickFix to deploy the ransomware payload. blog.sekoia.io/interlock-rans…

🎉 It's not about a CTI investigation or a Detection Engineering topic, but today we are happy to announce that Sekoia.io has raised €26m! sekoia.io/en/presse/seko…

Sekoia researchers discovered a ClickFake Interview campaign targeting job seekers with fake job interview sites. The infrastructure aligns with technical indicators linked to the Contagious Interview campaign & delivers GolangGhost for Windows & macOS. blog.sekoia.io/clickfake-inte…

In March 2025, Bybit, an UAE-based crypto exchange platform, was targeted by Lazarus, a state-sponsored intrusion set attributed to the Democratic People’s Republic of Korea (DPRK) | blog.sekoia.io/clickfake-inte… @sekoia_io