
Nicolas Caproni

@caproni.fr

Head of Sekoia Threat Detection & Research (TDR) team • Cyber Threat Intelligence • Detection Engineering • SOC Platform 🇫🇷 🇪🇺 • Hip-Hop • Basketball

519 Followers • 184 Following • 82 Posts • Joined 06.11.2023

Latest posts by Nicolas Caproni @caproni.fr


🇷🇺 French NGO Reporters Without Borders targeted by #Calisto in recent campaign

Sekoia #TDR analysed a recent #Calisto (aka #ColdRiver #Star Blizzard) spear-phishing campaign aimed at Reporters sans frontières and other #Ukraine-supporting organisations.

blog.sekoia.io/ngo-reporter...

04.12.2025 08:26 👍 5 🔁 4 💬 1 📌 0

History and dissection of the 🇷🇺 #Latrodectus malware, or malicious loader, by Pierre Le Bourhis @sekoia.io at #UYBHYS25
@uybhys.bsky.social

08.11.2025 15:35 👍 4 🔁 2 💬 1 📌 0

#TDR analysts dig into a modus operandi targeting the hospitality industry and the related cybercrime ecosystem that facilitates #phishing and #fraud campaigns.

blog.sekoia.io/phishing-cam...

06.11.2025 10:27 👍 5 🔁 3 💬 1 📌 0

After our initial #PolarEdge #botnet write-up, we’re happy to announce the second part: β€œDefrosting PolarEdge’s Backdoor,” a full technical deep-dive into its TLS-based implant.

blog.sekoia.io/polaredge-ba...

14.10.2025 13:35 👍 2 🔁 3 💬 1 📌 0
Technical Threat Researcher – Sekoia.io – Permanent contract – Fully-remote Sekoia.io is looking for a Technical Threat Researcher!

I am looking for a Threat Researcher for the TDR team at @sekoia.io!

Do you enjoy writing #Sigma and #Yara rules? Do you love pivoting on and tracking cybercriminals' attack infrastructure (C2)?

Then this job offer is made for you!

www.welcometothejungle.com/en/companies...

06.10.2025 17:26 👍 2 🔁 1 💬 0 📌 0

Key takeaways:

βœ‰οΈ API exploitation: attackers leverage an exposed /cgi endpoint to push malicious SMS without authentication
🌐 Scale of exposure: over 18,000 routers accessible on the internet; 572 confirmed vulnerable

02.10.2025 13:56 👍 1 🔁 1 💬 1 📌 0

📱 Silent Smishing: The Hidden Abuse of Cellular Router APIs

Our latest #CTI investigation from Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale.

blog.sekoia.io/silent-smish...

02.10.2025 13:56 👍 6 🔁 4 💬 1 📌 0

🐻 #APT28 – Operation Phantom Net Voxel: deep-dive into the latest spear-phishing campaign targeting Ukrainian military administrative staff.

blog.sekoia.io/apt28-operat...

16.09.2025 12:59 👍 2 🔁 2 💬 1 📌 1

[Threat investigation alert 🚨] Predators for Hire: A Global Overview of Commercial Surveillance Vendors

➑️ blog.sekoia.io/predators-fo...

02.09.2025 09:55 👍 2 🔁 4 💬 1 📌 0

🔥 Hot summer, sizzling crypto... and scammers turning up the heat 🔥

Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.

21.07.2025 14:40 👍 1 🔁 1 💬 1 📌 0

You can find the phishing kit sheets on our blog: blog.sekoia.io/global-analy...

And on our Community GitHub: github.com/SEKOIA-IO/Co...

08.07.2025 07:53 👍 1 🔁 2 💬 0 📌 0

These sheets aim to assist SOC analysts in detecting and investigating #AitM #phishing compromises by offering context, technical details, infrastructure overview, detection opportunities, and more.

All are available in the PDF report and our Community GitHub.

08.07.2025 07:53 👍 1 🔁 2 💬 1 📌 0

A few weeks ago, we published our global analysis of Adversary-in-the-Middle #phishing threats, providing actionable intelligence on multiple #AitM phishing kits.

This report includes 11 sheets covering the most widespread #AitM phishing kits as of Q1 2025.

08.07.2025 07:53 👍 5 🔁 2 💬 1 📌 0

πŸ“ Our latest #TDR report delivers an in-depth analysis of Adversary-in-the-Middle (#AitM) #phishing threats - targeting Microsoft 365 and Google accounts - and their ecosystem.

This report shares actionable intelligence to help analysts detect and investigate AitM phishing.

11.06.2025 08:32 👍 10 🔁 7 💬 1 📌 0
The Sharp Taste of Mimo'lette: Analyzing Mimo’s Latest Campaign targeting Craft CMS Analysis of the CVE-2025-32432 compromise chain by Mimo: exploitation, loader, crypto miner, proxyware, and detection opportunities.

🧀 The Sharp Taste of #Mimo’lette: Analyzing Mimo’s Latest Campaign targeting #Craft CMS

blog.sekoia.io/the-sharp-ta...

27.05.2025 13:16 👍 3 🔁 1 💬 0 📌 0

ViciousTrap - Infiltrate, Control, Lure: Turning edge devices into honeypots en masse. Discover ViciousTrap, a newly identified threat who is turning edge devices into honeypots en masse targeting

🪀 Sekoia #TDR's new exclusive research uncovers the #ViciousTrap, a honeypot network deployed on compromised edge devices.

blog.sekoia.io/vicioustrap-...

22.05.2025 14:17 👍 4 🔁 2 💬 0 📌 0

Our new report describes one of the latest observed infection chains (delivering #AsyncRAT) relying on the #Cloudflare tunnel infrastructure and the attacker’s #TTPs with a principal focus on detection opportunities.

blog.sekoia.io/detecting-mu...

23.04.2025 08:33 👍 2 🔁 1 💬 0 📌 0

Since the apparition of the #Interlock ransomware, the Sekoia #TDR team observed its operators evolving, improving their toolset (#LummaStealer and #BerserkStealer), and leveraging new techniques such as #ClickFix to deploy the ransomware payload.

blog.sekoia.io/interlock-ra...

16.04.2025 09:13 👍 2 🔁 5 💬 0 📌 1

To accelerate its development, Sekoia.io raises €26M - Le Monde Informatique. After a first funding round of €35M, Sekoia.io announces a second round of €26M. This financing will allow the vendor to...

To accelerate its development, @sekoia.io raises €26M

www.lemondeinformatique.fr/actualites/l...

09.04.2025 15:13 👍 2 🔁 1 💬 0 📌 0

🎉 It's not about a CTI investigation or a Detection Engineering topic, but today we are happy to announce that Sekoia.io has raised €26m!
www.sekoia.io/en/presse/se...

09.04.2025 13:16 👍 4 🔁 1 💬 0 📌 0

Find me all day at the Forum INCYBER Europe (#FIC2025) for Sekoia.io! Meet us at stand #A17 to chat!

02.04.2025 07:30 👍 2 🔁 0 💬 0 📌 0

🇰🇵 Sekoia #TDR team investigated a malicious campaign that employs fake job interview websites to deliver backdoors on Windows and macOS - #GolangGhost using #ClickFix tactic. Dubbed #ClickFake Interview, this campaign has been attributed to #Lazarus APT

blog.sekoia.io/clickfake-in...

31.03.2025 09:27 👍 5 🔁 2 💬 0 📌 0

The conclusion (part three) of our series on #DetectionEngineering is finally here! buff.ly/dijB0fy

10.03.2025 16:48 👍 3 🔁 1 💬 0 📌 0

#ClearFake variant is now spreading #Rhadamanthys Stealer via #Emmenhtal Loader.

cc @plebourhis.bsky.social @sekoia.io

1. ClearFake framework is injected on compromised WordPress and relies on EtherHiding

2. The #ClickFix lure uses a fake Cloudflare Turnstile with unusual web traffic

⬇️

06.03.2025 10:50 👍 3 🔁 2 💬 2 📌 0

Using our #honeypots, we uncovered an unreported #botnet that has been operational since at least the end of November 2023. This #PolarEdge botnet has been focusing on #edge devices, particularly those made by #Cisco, #Asus, #QNAP, and #Synology.

https://buff.ly/4ibOEo8

25.02.2025 13:22 👍 6 🔁 4 💬 0 📌 0

Cyber threats impacting the financial sector: focus on the main actors

We're thrilled to announce the release of the latest strategic report by Sekoia #TDR. This analysis highlights key cyber threats to the #financial sector in 2024.

https://buff.ly/3D3IZl7

24.02.2025 09:27 👍 5 🔁 2 💬 0 📌 1
Detection engineering at scale: one step closer (part two) Discover the power of detection engineering and how it can help scale your cybersecurity projects efficiently.

πŸ” Large-scale detection engineering: part two! πŸš€

In this article, we explore an innovative approach that transforms the execution of automated actions via CI/CD pipelines, enabling effective scaling and alignment with developer and DevOps practices.

04.02.2025 13:51 👍 3 🔁 1 💬 0 📌 0

Sr Technical Threat Researcher - Sekoia.io - Permanent contract - Fully remote. Sekoia.io is recruiting a Sr Technical Threat Researcher!

🚨To strengthen the #investigation and #detection capabilities of the Sekoia.io Threat Detection & Research (TDR) team, we are looking for a Senior Technical Threat Researcher!

www.welcometothejungle.com/fr/companies...

#CTI #DetectionEngineering

29.01.2025 13:59 👍 5 🔁 4 💬 0 📌 0

TDR analysts analysed the supply chain attack targeting Chrome browser extensions, which potentially affected hundreds of thousands of end users in December 2024.

https://buff.ly/4auQ0HN

22.01.2025 14:30 👍 8 🔁 4 💬 1 📌 1

Around 1,000 malicious domains are hosting webpages impersonating Reddit and WeTransfer, redirecting users to download password-protected archives

These archives contain an AutoIT dropper, we internally named #SelfAU3 Dropper at @sekoia.io, which executes #Lumma Stealer

IoCs ⬇️

20.01.2025 18:13 👍 9 🔁 6 💬 2 📌 0