 | FSB’s matryoshka #1/3 – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm | 2026-06-01 | True | Amaury G. and Sekoia TDR | True | | |
| From APT28 to RePythonNET: automating .NET malware analysis | 2026-04-16 | True | Sekoia TDR | True | | |
| EvilTokens: an AI-augmented Phishing-as-a-Service for automating BEC fraud – Part 2 | 2026-04-07 | True | Quentin Bourgue and Sekoia TDR | True | | |
| New widespread EvilTokens kit: device code phishing as-a-service – Part 1 | 2026-03-30 | True | Quentin Bourgue and Sekoia TDR | True | | |
| Shadow IT: The Initial Access You Didn’t Log | 2026-03-06 | True | David Greenwood | True | | |
| OysterLoader Unmasked: The Multi-Stage Evasion Loader | 2026-02-12 | True | Pierre Le Bourhis | True | | |
| Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tactic | 2026-01-29 | True | Quentin Bourgue, Amaury G. and Sekoia TDR | True | | |
| Advent Of Configuration Extraction – Part 4: Turning capa Into A Configuration Extractor For TinyShell variant | 2025-12-22 | True | Pierre Le Bourhis, Jeremy Scion and Sekoia TDR | True | | |
| Advent of Configuration Extraction – Part 3: Mapping GOT/PLT and Disassembling the SNOWLIGHT Loader | 2025-12-15 | True | Jeremy Scion, Pierre Le Bourhis and Sekoia TDR | True | | |
| Advent of Configuration Extraction – Part 2: Unwrapping QuasarRAT’s Configuration | 2025-12-08 | True | Pierre Le Bourhis, Sekoia TDR and Jeremy Scion | True | | |
| French NGO Reporters Without Borders targeted by Calisto in recent campaign | 2025-12-03 | True | Sekoia TDR | True | | |
| Advent of Configuration Extraction – Part 1: Pipeline Overview – First Steps with Kaiji Configuration Unboxing | 2025-12-01 | True | Jeremy Scion, Pierre Le Bourhis and Sekoia TDR | True | | |
| Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers | 2025-11-06 | True | Jeremy Scion, Quentin Bourgue and Sekoia TDR | True | | |
| TransparentTribe targets Indian military organisations with DeskRAT | 2025-10-23 | True | Amaury G., Coline Chavane and Sekoia TDR | True | | |
| Defrosting PolarEdge’s Backdoor | 2025-10-14 | True | Sekoia TDR | True | | |
| Silent Smishing : The Hidden Abuse of Cellular Router APIs | 2025-09-30 | True | Jeremy Scion and Marc N. | True | | |
| APT28 Operation Phantom Net Voxel | 2025-09-16 | True | Amaury G., Charles M. and Sekoia TDR | True | | |
| Predators for Hire: A Global Overview of Commercial Surveillance Vendors | 2025-09-02 | True | Sekoia TDR, Maxime A., Coline Chavane and Felix Aimé | True | | |
| The Sharp Taste of Mimo’lette: Analyzing Mimo’s Latest Campaign targeting Craft CMS | 2025-05-27 | True | Jeremy Scion, Pierre Le Bourhis and Sekoia TDR | True | | |
| ViciousTrap – Infiltrate, Control, Lure: Turning edge devices into honeypots en masse. | 2025-05-22 | True | Felix Aimé, Jeremy Scion and Sekoia TDR | True | | |
| Detecting Multi-Stage Infection Chains Madness | 2025-04-22 | True | Sekoia TDR and Erwan Chevalier | True | | |
| Interlock ransomware evolving under the radar | 2025-04-16 | True | Sekoia TDR | True | | |
| From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic | 2025-03-31 | True | Amaury G., Coline Chavane, Felix Aimé and Sekoia TDR | True | | |
| ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery | 2025-03-18 | True | Pierre Le Bourhis, Quentin Bourgue and Sekoia TDR | True | | |
| PolarEdge: Unveiling an uncovered ORB network | 2025-02-25 | True | Jeremy Scion, Felix Aimé and Sekoia TDR | True | | |
| Cyber threats impacting the financial sector in 2024 – focus on the main actors | 2025-02-20 | True | Livia Tibirna, Coline Chavane and Sekoia TDR | True | | |
| RATatouille: Cooking Up Chaos in the I2P Kitchen | 2025-02-11 | True | Pierre Le Bourhis | True | | |
| Targeted supply chain attack against Chrome browser extensions | 2025-01-22 | True | Quentin Bourgue and Sekoia TDR | True | | |
| Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service | 2025-01-16 | True | Quentin Bourgue, Grégoire Clermont and Sekoia TDR | True | | |
| Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations | 2025-01-13 | True | Amaury G., Maxime A., Erwan Chevalier, Felix Aimé and Sekoia TDR | True | | |
| PlugX worm disinfection campaign feedbacks | 2024-12-26 | True | Sekoia TDR | True | | |
| Helldown Ransomware: an overview of this emerging threat | 2024-11-19 | True | Jeremy Scion and Sekoia TDR | True | | |
| ClickFix tactic: Revenge of detection | 2024-11-05 | True | Jeremy Scion and Sekoia TDR | True | | |
| ClickFix tactic: The Phantom Meet | 2024-10-17 | True | Quentin Bourgue and Sekoia TDR | True | | |
| Mamba 2FA: A new contender in the AiTM phishing ecosystem | 2024-10-07 | True | Grégoire Clermont and Sekoia TDR | True | | |
| Bulbature, beneath the waves of GobRAT | 2024-10-02 | True | Sekoia TDR, Amaury G. and Felix Aimé | True | | |
| Hadooken and K4Spreader: The 8220 Gang’s Latest Arsenal | 2024-09-30 | True | Jeremy Scion | True | | |
| SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites | 2024-09-25 | True | Sekoia TDR, Felix Aimé and Maxime A. | True | | |
| WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution | 2024-09-19 | True | Marc N. and Sekoia TDR | True | | |
| Emulating and Detecting Scattered Spider-like Attacks | 2024-07-24 | True | Sekoia TDR, Mitigant, Guillaume C., Erwan Chevalier and Kennedy Torkura | True | | |
| Solving the 7777 Botnet enigma: A cybersecurity quest | 2024-07-23 | True | Sekoia TDR, Felix Aimé, Pierre-Antoine D., Charles M., Grégoire Clermont and Jeremy Scion | True | | |
| MuddyWater replaces Atera by custom MuddyRot implant in a recent campaign | 2024-07-15 | True | Sekoia TDR | True | | |
| Exposing FakeBat loader: distribution methods and adversary infrastructure | 2024-07-02 | True | Quentin Bourgue and Sekoia TDR | True | | |
| Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign | 2024-05-21 | True | Sekoia TDR, Coline Chavane, Amaury G. and Kilian Seznec | True | | |
| Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit | 2024-03-25 | True | Quentin Bourgue and TDR (Threat Detection & Research) | True | | |
| Unveiling the depths of Residential Proxies providers | 2024-03-14 | True | TDR (Threat Detection & Research), Amaury G., Livia Tibirna, Grégoire Clermont and CERT OCD - World Watch team | True | | |
| The Architects of Evasion: a Crypters Threat Landscape | 2024-03-07 | True | Livia Tibirna and TDR (Threat Detection & Research) | True | | |
| NoName057(16)’s DDoSia project: 2024 updates and behavioural shifts | 2024-03-01 | True | Amaury G., Maxime A. and TDR (Threat Detection & Research) | True | | |
| The Predator spyware ecosystem is not dead | 2024-02-28 | True | Felix Aimé, Maxime A. and TDR (Threat Detection & Research) | True | | |
| Scattered Spider laying new eggs | 2024-02-22 | True | Pierre-Antoine D., Quentin Bourgue, Livia Tibirna and TDR (Threat Detection & Research) | True | | |
