Threat Research & Intelligence
TDR

Sold to the Highest Bidder: The Escalation of ADINT from Geolocation Tracking to Intrusion Vector

Discover how private companies repurpose the advertising ecosystem into a global surveillance apparatus.
June 25, 2026
Threat Detection & Research Team
Maxime ARQUILLIERE
Coline CHAVANE
Read more
ALL
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Latest blogs
Product News
March 10, 2023

How to improve data collection from endpoints? (tutorial 2023)

The SEKOIA.IO Agent is out of Beta. To install it, simply follow the different configuration steps that we detail in this blogpost.

By
Sekoia.io
View more
Threat Research & Intelligence
TDR
February 27, 2023

Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity - Part 2

This blogpost is a technical analysis of Stealc infostealer, detailing different characteristics of the malware, including anti analysis, strings de-obfuscation and C2 communication techniques.

By
Pierre LE BOURHIS
By
Quentin BOURGUE
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
February 21, 2023

One Year After: The Cyber Implications of the Russo-Ukrainian War

One year after the start of Russo-Ukrainian War, our analysts share through their analysis pertaining to the cyber picture.

By
Livia TIBIRNA
By
Maxime ARQUILLIERE
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
February 20, 2023

Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity - Part 1

This blogpost aims at presenting the activities of the Stealc’s alleged developer, a technical analysis of the malware and its C2 communications, and how to track it.

By
Quentin BOURGUE
By
Pierre LE BOURHIS
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
January 31, 2023

SEKOIA.IO Ransomware Threat Landscape - second-half 2022

This blogpost aims at analysing and highlighting trends within the ransomware ecosystem in the second half of 2022

By
Livia TIBIRNA
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
January 18, 2023

Command & Control infrastructures tracked by Sekoia.io in 2022

Throughout 2022, SEKOIA.IO's Threat & Detection Research (TDR) team continued to proactively track and monitor the Command & Control (C2) infrastructures set up and used by cybercriminal or state sponsored intrusion sets to carry out malicious cyber

By
Marc NEBOUT
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
January 10, 2023

Raspberry Robin's botnet second life

As many botnets and worms, Sekoia analysts demonstrate through this article that Raspberry Robin can be repurposed by other threat actors to deploy their own implants.

By
Félix AIME
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
January 6, 2023

Unveiling of a large resilient infrastructure distributing information stealers

This blogpost aims at presenting the current infection chain, payloads and the whole infrastructure used to distribute infostealers

By
Quentin BOURGUE
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
December 22, 2022

New RisePro Stealer distributed by the prominent PrivateLoader

This article aims at presenting SEKOIA.IO RisePro information stealer analysis.

By
Pierre LE BOURHIS
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
December 16, 2022

The DPRK delicate sound of cyber

Discover malicious activities associated to the DPRK-nexus Intrusion Sets (Kimsuky and Lazarus group) reported in open sources in 2022.

By
Threat Detection & Research Team
View more
Product News
December 12, 2022

How to use Sekoia.io indicators in Microsoft Sentinel ?

Sekoia.io indicators can be integrated into Microsoft Sentinel One. In this blogpost, discover how to take advantage of this integration.

By
Sekoia.io
View more
Threat Research & Intelligence
TDR
December 5, 2022

Calisto show interests into entities involved in Ukraine war support

Calisto (aka Callisto, COLDRIVER) is suspected to be a Russian-nexus intrusion set active since at least April 2017. Although it was not publicly attributed to any Russian intelligence service, past Calisto operations showed objectives and victimolog

By
Félix AIME
By
Maxime ARQUILLIERE
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
December 1, 2022

Lucky Mouse: Incident Response to Detection Engineering

This blogpost discusses how the Tactics, Techniques and Procedures (TTPs) used by the APT27 (Lucky Mouse) intrusion set in the last incident reported by Intrinsec, a Sekoia Managed Security Service Provider (MSSP) partner, are detected using SEKOI

By
Guillaume COUCHARD
By
Threat Detection & Research Team
View more
Threat Research & Intelligence
TDR
November 21, 2022

Aurora: a rising stealer flying under the radar

SEKOIA.IO analysed Aurora in depth and share the results of our investigation in this article.

By
Quentin BOURGUE
By
Pierre LE BOURHIS
By
Threat Detection & Research Team
View more
Detection Engineering
TDR
November 2, 2022

BlueFox Stealer: a newcomer designed for traffers teams

In September 2022 during routine Dark Web monitoring we identified BlueFox Stealer v2, a newly-advertized information stealer sold as MaaS.

By
Quentin BOURGUE
By
Threat Detection & Research Team
View more
Detection Engineering
TDR
October 3, 2022

XDR detection engineering at scale: crafting detection rules for SecOps efficiency

In this blogpost we present Sekoia’s process to create detection rules, which first requires explaining our detection workflow as well as understanding Sekoia XDR history and specificities.

By
Guillaume COUCHARD
By
Erwan CHEVALIER
By
Threat Detection & Research Team
View more

Threat Detection & Research team

Sekoia Threat Detection & Research team, commonly known as the TDR team, is the driving force behind the Sekoia SOC platform, delivering exclusive threat intelligence.

Meet TDR team

Read latest TDR articles