
Amaury-Jacques GARCON
Threat Researcher
Articles by Amaury-Jacques GARCON

APT28, an evolution of tradecraft
Sekoia TDR looks back at how APT28's arsenal has evolved over two decades, from its signature X-Agent implants to disposable modules, edge-device infrastructure and the first LLM-driven malware.

FSB’s matryoshka #3/3 - Gamaredon’s gifts that keeps unpacking - GammaSteel
Discover part 3 of our FSB Matryoshka investigation. We deep dive into Gamaredon's Gammasteel info-stealer, its data exfiltration TTPs, and indicators.

FSB’s matryoshka #2/3 - Gamaredon’s gifts that keeps unpacking - GammaLoad
In part 2 of our FSB Matryoshka series, we analyze Gamaredon's Gammaload malware variant, dissecting its technical updates and deployment mechanisms.

FSB’s matryoshka #1/3 - Gamaredon’s gifts that keeps unpacking - GammaPhish and GammaWorm
Part 1 of our FSB Matryoshka series. Discover the context behind Gamaredon's cyberespionage campaigns, introducing GammaPhish and GammaWorm operations.

Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tactic
Uncover IClickFix: a malicious framework exploiting the ClickFix tactic in widespread malware campaigns to deliver NetSupport RAT.

TransparentTribe targets Indian military organisations with DeskRAT
TransparentTribe targets Indian military entities using DeskRAT, a Golang-based remote access Trojan. Learn how this new campaign works.

APT28 Operation Phantom Net Voxel
APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.

From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.

Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
Uncover the details of the UAC-0063 cyberespionage campaign in Kazakhstan and its potential connection to APT28.

Bulbature, beneath the waves of GobRAT
Since mid-2023, the Sekoia Threat Detection & Research team (TDR) has been investigating an infrastructure that controls compromised edge devices, turned into Operational Relay Boxes (ORBs) and used to launch offensive cyber attacks.

Securing Gold: Hunting typosquatted domains during the Olympics
Discover how Sekoia.io proactively hunts for typosquatted domains related to the Paris 2024 Olympics to detect and prevent cyber threats.

Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign
Uncover the details of the DoppelGänger campaign, a Russian influence operation aimed at undermining support for Ukraine.

Unveiling the depths of Residential Proxies providers
Discover the growing threat of residential proxies, their role in hiding among legitimate traffic and the challenges they pose in cyberspace.

NoName057(16)'s DDoSia project: 2024 updates and behavioural shifts
Learn about NoName057(16), a pro-Russian hacktivist group behind Project DDoSia targeting entities supporting Ukraine. Discover an overview of the changes made by the group, both from the perspective of the software shared by the group to generate DD

Adversary infrastructures tracked in 2023
Sekoia.io C2 Trackers identified more than 85,000 IP addresses used as C2 servers in 2023, an increase of more than 30% compared to 2022.

Following NoName057(16) DDoSia Project’s Targets
DDoSia is a Distributed Denial of Service (DDoS) attack toolkit, developed and used by the pro-Russia hacktivist nationalist group NoName057(16) against countries critical of the Russian invasion of Ukraine.