
Charles MESLAY
Senior Threat Researcher
Articles by Charles MESLAY

APT28 Operation Phantom Net Voxel
APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.

A glimpse into the Quad7 operators' next moves and associated botnets
Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.

Solving the 7777 Botnet enigma: A cybersecurity quest
Discover 7777 botnet (aka Quad7) and its activity, targets, and use of TP-Link routers in Microsoft 365 attacks in our latest investigation.

Unplugging PlugX: Sinkholing the PlugX USB worm botnet
Learn about our process for collecting telemetry data from PlugX worm-infected workstations, as well as how to disinfect them.

Following NoName057(16) DDoSia Project’s Targets
DDoSia is a Distributed Denial of Service (DDoS) attack toolkit, developed and used by the pro-Russia nationalist hacktivist group NoName057(16) against countries critical of the Russian invasion of Ukraine.

Peeking at Reaper’s surveillance operations
In this blogpost you will find the results of a survey conducted by our analysts on two Command and Control servers (C2s) of the North Korea-nexus intrusion set Reaper (aka APT37). This investigation led to the uncovering of several phishing webpages

LuckyMouse uses a backdoored Electron app to target MacOS
LuckyMouse uses a backdoored Electron app to target MacOS. This is the first time that Sekoia observed LuckyMouse targeting MacOS.