THE MISSION
THE STRUCTURE
THE TEAM
Our Ambition

The mission

Our mission is to protect our customers' networks by providing cutting-edge strategic and technical threat intelligence, as well as Sigma detection rules, to the Sekoia AI SOC Platform.

From cybercriminals to state-sponsored groups, we are dedicated to investigating, enriching, and delivering contextualized threat intelligence, enabling our customers to detect and anticipate threats targeting them.
Title

The structure

Did you spot the two animals in our logo? That’s because our operations are split into two teams to tackle threats coming from every angle, with four areas of expertise (see below).

There’s the “Octopus” squad, who monitor state-sponsored and strategic threats. Then there’s the “Fox” squad, who track financially motivated cybercriminals.
Title

The team

We’re a specialized unit of threat researchers, reverse engineers, and detection engineers, with backgrounds in everything from geopolitics to offensive security.

Operating out of Paris, Rennes, and beyond, our biggest priority is making sure the intelligence inside Sekoia stays sharp and actionable every single day.
Title

Our 4 pillars of expertise

Strategic analysis

“We provide the strategic and geopolitical context around cyber threats to explain adversaries’ motivations and better understand the threat landscape.”

Strategic Threat Intelligence analyst, SEKOIA TDR

Coline

Threat tracking

“We develop our tools and methodologies to hunt new threats and proactively track known ones.”

Principal Threat Intelligence Analyst & Lead APT researcher, Sekoia TDR

Félix

Detection and hunting

“We develop high-quality Sigma rules to detect the most common TTPs and avoid false positives as far as possible.”

Detection Engineer, Sekoia TDR

Caroline

Reverse engineering

“We analyse malicious code and malware to better understand, track and detect it, and thus protect our customers.”

Senior Reverse Engineer, Sekoia TDR

Pierre

What we focus on

We go far beyond the alerts, turning complex data into the intelligence and rules needed to power your defense.

Provide actionable intelligence

Deliver up-to-date, contextualized, and verified IoCs.

Focus on investigations

Invest in emerging threats and the most active current threats.

Enrich open-source publications

Offer exclusive indicators to our customers.

The tDR Team

Create new detection rules

Advance our threat detection capabilities to identify complex attacker tactics, techniques, and procedures (TTPs).

Contextualize everything

Employ Kill Chain, ATT&CK, STIX modelisation, IOC livetime, and more.

Share with the community

Share our research with high-quality private and public reports.

The TDR team in numbers

From thousands of custom rules to millions of intel objects, we provide the raw power behind the Sekoia AI SOC platform.

10M+

Stix Objects

<0.015%

False positive rate

1000+

Detection rules

5000+

Enriched reports

Read the latest by TDR team

Ipsum adipiscing fringilla quis egestas porta venenatis aliquet aliquet habitant. Pharetra scelerisque aenean consectetur diam nisi eu pellentesque. Fames tempus massa magna aliquam. Suspendisse.

see all tdr articles
Threat Research & Intelligence
TDR
June 11, 2026

APT28, an evolution of tradecraft

Sekoia TDR looks back at how APT28's arsenal has evolved over two decades, from its signature X-Agent implants to disposable modules, edge-device infrastructure and the first LLM-driven malware.

By
Amaury-Jacques GARCON
By
Threat Detection & Research Team
& more
View more
Threat Research & Intelligence
TDR
June 16, 2026

Unveiling ErrTraffic: inside a growing ClickFix malware distribution framework

This report details the ErrTraffic threat and its associated ecosystem, highlighting three specific campaigns and their operators' arsenal.

By
Jérémy SCION
By
Quentin BOURGUE
By
Threat Detection & Research Team
& more
View more
Threat Research & Intelligence
TDR
June 4, 2026

FSB’s matryoshka #3/3 - Gamaredon’s gifts that keeps unpacking - GammaSteel

Discover part 3 of our FSB Matryoshka investigation. We deep dive into Gamaredon's Gammasteel info-stealer, its data exfiltration TTPs, and indicators.

By
Amaury-Jacques GARCON
By
Threat Detection & Research Team
& more
View more

Our conferences

The TDR team travels the globe to share exclusive intelligence and detection strategies with fellow researchers and defenders. Take a look at our latest talks and briefings.

Unplugging PlugX: Sinkholing the plugx  worm botnet

25th April 2024 Nice, France
View more

Infostealers : investigate the cybercrime threat in its ecosystem

5th October 2023 London, England
View more

When a botnet cries: detecting infection chains

5th October 2023 London, England
View more

Sekoia in the media

Our Board of Directors include recognized investors and independent board member Guillaume Poupard, DGA of Docaposte and former GM of ANSSI.

Sekoia in the media
In the media

December 8, 2025

The cyber prosecutor's office enlists a start-up in threat detection

Read more
In the media

June 23, 2025

Anticipating How Adversaries Think: Interview of François Deruty by TechNadu

Read more
In the media

January 15, 2025

Sekoia supports international police operation against PlugX worm

Read more