All posts by webmaster@telsy.com

Unknown threat actor is using Agent Tesla variants against Oil&Gas and Energy Sector

On 02/07/2019, Telsy TRT caught a new malware variant belonging to the Agent Tesla family, aimed at companies operating in the Energy and Oil&Gas sector. Among these organizations, Telsy identified a very large Italian company with a strong international presence, especially in the UAE area.

Attack Vector

As in many of the cases we observe, the main attack vector used to spread the malicious payload is email. In this case, we were able to collect some malicious messages sent by the threat actor to different targets; these messages spoof the identity of what we believe to be a real person working in the engineering field in the UAE area. Indeed, we believe […]

Seminar – “An introduction to secure multi-party computation”

Telsy seminar by Giuseppe D’Alconzo entitled “An introduction to secure multi-party computation”. The seminar, organized with the Polytechnic University of Turin, will be held on Monday 15 July at 14:30 in the Polytechnic’s Aula Buzano (Dipartimento di Scienze Matematiche).

Abstract: Secure Multi-Party Computation (MPC) is a branch of cryptography that allows a set of players to evaluate a public function on private inputs, revealing no information about those inputs apart from the computed output. It is an alternative to the strong assumption that a trusted party exists. It was born in the 1980s as a theoretical and not very tractable field because of its computational […]
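As an added illustration of the setting the abstract describes (a worked example written for this page, not code from the seminar, from Giuseppe D’Alconzo or from Telsy), the following Python block implements the simplest MPC protocol: additive secret sharing over a prime field, used by n honest-but-curious parties to compute the sum of their private inputs. The public function (the sum), the prime modulus and the sample salary inputs are all assumptions chosen for the example.

```python
"""Additive secret sharing over a prime field: the simplest honest-but-curious
MPC protocol, computing a public function (here, the sum) on private inputs.

Constructed example for illustration; not code from the seminar or from Telsy.
"""
import secrets

# Prime modulus: every share is an element of Z_P. 2^61 - 1 is a Mersenne prime
# (choice is an assumption; any prime larger than the inputs works).
P = 2**61 - 1


def share(secret, n, p=P):
    """Split `secret` into n additive shares whose sum is `secret` mod p.

    The first n-1 shares are drawn uniformly at random; the last one is
    whatever makes the sum come out right. Any n-1 shares are therefore
    uniformly distributed and statistically independent of the secret.
    """
    if not 0 <= secret < p:
        raise ValueError("secret must be in [0, p)")
    shares = [secrets.randbelow(p) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % p)
    return shares


def reconstruct(shares, p=P):
    """Recover a shared value. Only possible when all n shares are present."""
    return sum(shares) % p


def completing_share(partial_shares, target, p=P):
    """Given n-1 shares, return the n-th share that would make them reconstruct
    to `target`. One exists for every target, which is exactly why n-1 shares
    leak nothing about the real secret."""
    return (target - sum(partial_shares)) % p


def mpc_sum(private_inputs, p=P):
    """Secure sum among len(private_inputs) parties, each holding one input.

    Round 1: party i splits x_i into n shares and sends share j to party j.
    Local:   party j adds up the n shares it received (one per input).
    Round 2: parties publish their partial sums; anyone can add them up.
    Returns (result, partial_sums, views) where views[j] is everything
    party j saw before the final opening.
    """
    n = len(private_inputs)
    # dealt[i][j] = share of party i's input that was sent to party j
    dealt = [share(x, n, p) for x in private_inputs]
    # Party j only ever sees column j of that matrix.
    views = [[dealt[i][j] for i in range(n)] for j in range(n)]
    # Linearity of the scheme: the sum of shares is a share of the sum.
    partial_sums = [sum(view) % p for view in views]
    return reconstruct(partial_sums, p), partial_sums, views


if __name__ == "__main__":
    # Constructed sample inputs: three parties' salaries, never opened individually.
    salaries = [52_000, 61_500, 48_000]
    total, partials, views = mpc_sum(salaries)
    print("secure sum:", total)          # 161500
    print("party 0's view:", views[0])   # three uniform field elements
    # The shares party 0 does not hold could complete its view to any value,
    # so its view is consistent with party 1 earning, say, 1_000_000:
    seen = views[0][1]                   # party 0's share of party 1's salary
    print("hidden shares would need to sum to",
          completing_share([seen], 1_000_000), "for that to be 1_000_000")
```

The scheme is linear, so sums and public-constant multiples of shared values cost no communication; multiplying two shared values is where real MPC protocols (and the computational cost the abstract alludes to) begin. The honest-but-curious model is assumed here: a party that sends a wrong share corrupts the result undetected, and the protocol as written offers no protection against that.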

Telsy launches SecureDNS. The first freely available Italian DNS service aimed at Privacy and Internet Security.

What is Telsy SecureDNS? Telsy SecureDNS is a service that applies effective security filters to the DNS requests that your computers and peripherals make in order to communicate with the outside world. It does this by applying risk analysis algorithms to every single “resolution” request it handles. The clear advantage of this solution is that you can drastically reduce your level of risk against many cyber threats. Another clear advantage is that, in the Telsy Free SecureDNS version, it is free.

What is DNS? The DNS protocol is the basis of the Internet and of all online activities. It allows the conversion of a domain name (such as, for example, www.google.com) into numerical addresses […]

Recent “CEO Fraud” campaign is spreading within EU and already made victims. Telsy TRT joined an international collaborative effort for researching and mitigating the threat.

In the first days of May 2019, Telsy TRT joined a collaborative international effort aimed at studying, researching and mitigating a recent malicious campaign carried out by a criminal gang we internally track as #TA-927. Our collaboration has involved, among others, Theo Geurts, an active member of the ICANN community, who has been an essential part of our mitigation efforts. According to Wikipedia, ICANN is the organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the global Internet. “CEO Fraud” attempts are not uncommon. Recently, an Italian organization was hit by a similar attack. […]

APT34: New leaked tool named Jason is available to the masses

In the afternoon of 03/06, Lab Dookhtegan released a new tool they report as belonging to the hacking arsenal of the group APT34. This tool appears to be used to break into email accounts and consequently exfiltrate data. The archive we obtained is composed of the following files:

Archive file for Json data tool

A first analysis identified two executable files and some others in txt format, likely used for supporting tasks. The file Microsoft.Exchange.WebServices.dll is an official component of the Microsoft Exchange communication suite. We performed a quick AI-powered malware scan of the first extracted component, which returned no results:

Telsy internal file classification service results for Microsoft.Exchange.WebServices.dll

The file […]

Following the Turla’s Skipper over the ocean of cyber operations

In the middle of May 2019, new malware variants identified as part of the Turla toolset came to light. Turla, also known as Snake or Uroburos, is one of the most advanced threat actors in the cyber operations landscape. The full malicious set retrieved can be attributed to a campaign that started in the second half of 2018 and was likely aimed at compromising government entities and high-level diplomatic institutions. The number of variants found, sometimes in conjunction with low detection rates, as well as the nature of the targeted entities, confirm the “APT” nature of the actor and its ability to remain in the shadows for a long time. It has […]

Telsy TRT releases its YARA rule to detect Turla LightNeuron, the Microsoft Exchange backdoor

A recent APT malware, known as LightNeuron, uses the basic functions of Microsoft’s Exchange Server to monitor and control incoming and outgoing communications of mail servers. The threat group that uses it typically targets high-level diplomatic and international relations institutions. In order to assist the security community in fighting and hunting this insidious threat, Telsy TRT has publicly released one of its specific tracking signatures on a dedicated GitHub repo. The signature can be downloaded here.

Unknown threat actor is using a compromised website belonging to a Middle East government institution in a campaign built on commercial and financial themes.

Recently, Telsy TRT detected a wave of malicious documents trying to impersonate an official institution of a Middle East government. Moreover, the website of another government institution of the same country appears to have been compromised in order to spread a .NET malicious payload. To protect these government entities, we do not want to share too many details for now, but we will update this post once their incident response operations are complete. Considering the moderate diffusion of the collected malicious payloads, as well as the limited number of global DNS resolution requests for the domain name identified as the CnC, we assert that […]

Threat Hunters vs Red Teamers. A meeting in the cyber space…

Recently, a new wave of malicious decoy Microsoft Office documents, addressed exclusively to a country in central Europe, was intercepted by Telsy TRT. These were collected as they landed at a media sector company. The observed TTPs did not match any known threat actor, and initially we imagined that a new group was coming out of the shadows… Whoever was operating behind this campaign seemed to use different infection methods to reach execution of its first-stage payload, including the adoption of the “EvilClippy” tool, released during a Black Hat Asia talk (March 28, 2019). However, after some time, we gathered evidence that led us to […]
