Nicolas Caproni
@ncaproni
Followers: 8K · Following: 4K · Media: 864 · Statuses: 44K
Head of @sekoia_io Threat & Detection Research (TDR) Team #SOCplatform #XDR #SIEM #CTI #TIP
Rennes, France
Joined August 2010
#TDR analysts dig into a modus operandi targeting the hospitality industry and the related cybercrime ecosystem that facilitates #phishing and #fraud campaigns. https://t.co/WpheOEJHRA
We hear you! Registration opens next week, so keep an eye on our social media. The registration link, also known as the 'Ask for invite', will soon be available on https://t.co/8wJi05kGgn
#PIVOTcon26 #CTI #ThreatIntel #StayTuned
@pivot_con how do one get an invite?
Discover how #TransparentTribe (#APT36) uses a disguised DESKTOP dropper to deploy #DeskRAT, a Golang RAT, on BOSS Linux endpoints in India. Our Sekoia #TDR report breaks down the full infection chain and stealthy WebSocket C2 communications. Read more 👉 https://t.co/gVhBbmP2Jq
Our latest technical deep-dive unravels the mystery behind the opaque numeric codes (16, 272, 33554432, etc.) you see in #Microsoft365 audit logs. https://t.co/cejqzvjsPQ
After our initial #PolarEdge #botnet write-up, we’re happy to announce the second part: “Defrosting PolarEdge’s Backdoor,” a full technical deep-dive into its TLS-based implant. https://t.co/Qo8cOvTZRc
🚨 I'm looking for a Threat Researcher for the TDR team at @sekoia_io! Do you enjoy writing #Sigma and #Yara rules? Do you love pivoting on and tracking cybercriminals' attack infrastructure (C2)? Then this job is made for you! https://t.co/HB2Bmq04Af
welcometothejungle.com
Sekoia.io is looking for a Technical Threat Researcher!
📱 Silent Smishing: The Hidden Abuse of Cellular Router APIs. Our latest #CTI investigation from the Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale. https://t.co/QNGF3d7qZf
🧀🎣Since early September 2025, the Orange Cyberdefense CSIRT and CyberSOC teams have detected phishing campaigns impersonating Meta, AppSheet and PayPal, leading to malware delivery. Our team tracks this activity under the alias "Metappenzeller" #CTI #ThreatIntel #Metappenzeller
🐻 #APT28 – Operation Phantom Net Voxel: deep-dive into the latest spear-phishing campaign targeting Ukrainian military administrative staff. https://t.co/jug6DMQ1A3
An open-source YARA rule from @SEKOIA_IO triggered on the sample – and it’s part of their public repo. The attribution in the rule name is probably misleading though, given this kind of obfuscation comes from public tools. The rule has been included in the YARA Forge set for a
We tested one of the compromised samples. - 0 detections on VirusTotal - Detected by THOR with three different YARA rules Sample: https://t.co/bwDv4i4zL4
[Threat investigation alert 🚨] Predators for Hire: A Global Overview of Commercial Surveillance Vendors ➡️ https://t.co/ZhaCSCPrMQ
Tracking ❄️PolarEdge → Residential Proxy #Botnets & ORBs • Preferred by 🇨🇳 actors • Targets Cisco, ASUS, NAS, #SOHO gear • Mbed TLS backdoor on high ports • 150 → 40k infected since 2023 • Hotspots: 🇰🇷 51.6% | 🇺🇸 21.1% Details + detection: https://t.co/I8pTCRXdi3
And everything is hosted on a single platform. At the end of the process, you're politely asked to download a 'driver' to magically make your webcam work ✨ Spoiler alert: it's not a driver, it's #GolangGhost, a custom malware with remote access capabilities.
Well, this campaign is still alive and evolving. Since then, dozens of new domains have surfaced. And in June, things got even more interesting 👀 We came across a new site: apply[.]waventic[.]com This time, it has been upgraded: fresh visuals, new interview questions...
🔥 Hot summer, sizzling crypto... and scammers turning up the heat 🔥 Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.
🚨 Operation Eastwood targets pro-Russian cybercrime network NoName057(16) and shuts down over one hundred criminal servers in global operation. Read more in our press release ⤵️ https://t.co/nxNSI7NBRr
You can find the phishing kit sheets on our blog: https://t.co/6ohaknLWR0 And on our Community GitHub:
blog.sekoia.io
Explore the 2025 landscape of Adversary-in-the-Middle phishing threats with data, trends, and top detection insights.
🧀 Update on MintsLoader: a thread 🔽 MintsLoader is a JavaScript/PowerShell loader that was first detailed by OCD in 2024. A new version has been around at least since early-June 2025. #cti #ThreatIntel #mintsloader