Unveiling the depths of Residential Proxies providers

This joint Sekoia.io and Orange Cyberdefense report analyzes the residential proxy (RESIP) ecosystem, highlighting how providers acquire and scale IP pools (via proxyware, SDKs, and device compromise), how cybercriminals and nation-state actors (including APT29) abuse RESIP for espionage, fraud, DDoS and evasion, and provides observed indicators of compromise, case studies, and defensive recommendations for hunting and blocking proxyware in enterprise networks.