2023-03-16

IPFS: A New Data Frontier or a New Cybercriminal Hideout?

Hey mates,

It is with great pleasure that I can announce the release of new research on IPFS. I am very honored to be the first one to expose real cybercrime statistics on the usage of IPFS in this paper I wrote with my colleagues Jaromir and Loseway :-)

It is available here.

2022-03-08

New RURansom Wiper Targets Russia

Hi all,

I just wrote this quick blog post with my colleague Jaromir.

Support Ukraine!

2022-01-17

Delving Deep: An Analysis of Earth Lusca’s Operations

Hey folks,

We just released this one - Delving Deep: An Analysis of Earth Lusca’s Operations

Summary is here

Full paper is here.

Finally, all IOCs are available here.

I hope you'll enjoy this ride into the TTPs of that threat actor!

2021-11-15

The Risks of Subscription Sharing Platforms

Hi all,

I published a quicky here, about subscription sharing platforms.

For me the dangerous part is when users share their unique login/password to VPN services. They share it with several people, who might even unsubscribe but keep using the same credentials after they ended the deal. VPN for free, in a bad way. What could possibly go wrong with that model? :p

2021-11-10

Void Balaur and the Rise of the Cybermercenary Industry

It is rare to be able to track the activities of a real cybermercenary threat actor. But we did ;-)

Ladies and gents, please meet Void Balaur.

Full paper here.

Forbes article here, Le Monde here.

2021-08-25

Interview in L'Express - "Ethical" hackers: the white knights in the service of companies

Hello,

I recently had the pleasure of giving my opinion on some aspects of the French Darkweb; it's in L'Express. Plus, my ninja friend Renaud is there too ;-)

2021-06-18

Fake DarkSide Campaign Targets Energy and Food Sectors

Hi all,

I just published this quick one about some opportunistic fraudsters pretending to be the DarkSide threat. Enjoy :-)

2021-04-30

How Cybercriminals Abuse OpenBullet for Credential Stuffing

Hi all,

I just released this one with my colleagues Fyodor & Vlad.

I hope it will raise some awareness on why you should never use the same password on any service/website.

A video can also be found here ;-)

2021-03-19

MISC HS 23 - DFIR and CTI, an ideal complementarity

Hello everyone,

It had been a long time since I had written in MISC, so here we go: the latest special issue on forensics gave me the opportunity to publish a short article on the complementarity between incident response and forensics (DFIR) and Threat Intelligence.

I hope you'll like it ;-)


2021-02-05

The Darknet

Hello,

This month I published an "introductory" article on the Darknet and the cybercrime that revolves around it, in the magazine Dalloz IP / IT.


2020-12-03

Scammers Use Home Addresses of Targets in France

Hi all,

I wrote this one in English but it definitely targets France:

Scammers Use Home Addresses of Targets in France

UPDATE - 2020/12/08: An interview given in Le Parisien can be read here:

https://www.leparisien.fr/high-tech/arnaque-une-campagne-sophistiquee-de-phishing-promet-des-faux-remboursements-par-darty-08-12-2020-8413129.php

2020-10-06

French Companies Under Attack from Clever BEC Scam

Hi all,

Here is my latest blog post about a clever BEC attack that targets a lot of different companies in France:

French Companies Under Attack from Clever BEC Scam

Le Monde newspaper published a very nice French article about it here.

Also, the article from Le Figaro.

2020-02-18

Operation DRBControl - Uncovering a Cyberespionage Campaign Targeting Gambling Companies in Southeast Asia

Quite proud of this new publication done with several extremely talented colleagues, thanks Daniel, Jaromir, Jamz, and Kenney :-)

Operation DRBControl - Uncovering a Cyberespionage Campaign Targeting Gambling Companies in Southeast Asia

Full paper is here: https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf

Hope you will enjoy, and see you soon for another stunning APT research (yes, already working on another... :p) :-)

2019-12-20

MISC 107 -

Hello,

It had been a long time since I had contributed to MISC, not for lack of time or motivation but simply for lack of an interesting subject. It is becoming difficult for me to find subjects that haven't already been covered in MISC, and I must admit I don't necessarily take the time to rack my brains to find subjects either.

This one is rather tied to my current professional work, since for many months now I have been seeing more and more malware (especially in APTs) using legitimate platforms to manage their communications.

So I invite you to read my new article in MISC 107 on this subject.

And happy holidays! :-)


2019-12-12

Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry

Hi all,

I am very proud to provide you with a new paper I wrote in collaboration with my colleague Feike Hacquebord, entitled "Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry".

Full paper is here.

I hope you will enjoy it! :-)

2019-11-14

More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

Hello there,

I had the pleasure to work with Feike and Kenney on this blog post which reveals an interesting (hopefully) part of APT33's infrastructure.

Hope you'll like it!

2019-09-10

Interview in Libération - RETADUP

Hello,

I was recently interviewed by Libération about RETADUP.

The current buzz around Retadup has left me a bit bitter, because many articles written by non-meticulous journalists state that it was Avast that discovered Retadup in March 2019, whereas I blogged about it with my colleagues several times in 2017:

https://blog.trendmicro.com/trendlabs-security-intelligence/information-stealer-found-hitting-israeli-hospitals/

http://blog.trendmicro.com/trendlabs-security-intelligence/android-backdoor-ghostctrl-can-silently-record-your-audio-video-and-more/

http://blog.trendmicro.com/trendlabs-security-intelligence/new-retadup-variants-hit-south-america-turn-cryptocurrency-mining/

Of course this takes nothing away from the excellent work done by the C3N of the Gendarmerie Nationale and by Avast. Well done to them! :-)

2019-07-16

The SLUB guys are back!

The SLUB guys are back!

We detected them from another watering hole, and they updated their malware. More about it here.

As a reminder, we first published about them here.

2019-06-13

Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners

Hey there :-)

I just contributed to a new blog post about some cybercriminals using advanced tools to spread a cryptocurrency miner.

The full blog post is here.

Cheers!

2019-03-07

New SLUB Backdoor Uses GitHub, Communicates via Slack

So here is a new blog post. It was a great collaborative work with several of my highly skilled colleagues :-)

It is all about a new malware we discovered recently, used in an APT, and sitting on an interesting watering hole.
