2025-10-24, Europe
For years, cybersecurity reports have centered on well-known stealers like Vidar and Raccoon. There is, however, an often overlooked and underestimated threat: low-profile cybercriminals. These are typically young actors, flying under the radar and posing a unique and evolving risk.
In this talk, we will dive into the French stealer ecosystem, offering insights into the lesser-known groups operating within it. After an overview of the ecosystem—mapping out the groups and their interconnections—we will provide a technical deep-dive into the simplicity and effectiveness of their stealers. We’ll also reveal how we identified similar stealers lurking in open-source repositories.
The final part of the presentation will expose the poor operational security practices of these actors, culminating in a compelling case study of the group 'Epsilon.' Starting from a simple forum complaint, we’ll demonstrate how we uncovered a surprising link between one of the group’s administrators and a potential drug trafficking operation.
This presentation will explore the ecosystem of French-speaking infostealers, focusing on the groups that sell and distribute them and the connections between key actors. We’ll start with an overview of recent developments, identifying recurring pseudonyms and linking various groups.
Next, we’ll dive into the technical side, analyzing how the stealers operate, examining their code, and exploring how open-source tools like Bytestealer seem to be customized by threat actors to create more advanced malware.
We’ll then profile the administrators behind these campaigns, analyzing their interactions and the operational security (OpSec) missteps that expose them to identification. We will wrap up with a case study on the Epsilon group, revealing the connection between one of its administrators and a possible drug trafficking network, and showing how these cybercriminals often diversify into other illegal activities.
Key Takeaways:
- French Stealer Ecosystem Overview: Understand the structure and connections of various French-speaking stealer groups.
- Technical Insights on Stealers: Learn how these stealers operate and how open-source tools are used to enhance their capabilities.
- Profiling Threat Actors: Discover how analyzing cybercriminal interactions and OpSec errors can lead to identification and disruption.
- Epsilon Group Case Study: See how one group’s activities extend into illicit fields like drug trafficking, underscoring the broader impact of these operations.
I’m 0xSeeker, currently a CTI & CTH analyst in the purple team @Gatewatcher. As part of my cybersecurity experience, I've spent 6 years focusing on red team and CTI in the industrial area.