Cybersecurity & Cyberattacks, a Hand In Hand Development Through The Years

The birth of the internet and the digital era brought to light the theme of “cybersecurity”, which has gained more and more importance over the past years. Security, indeed, has been a challenge for IT people and corporate organizations alike since the launch of the first internet network, ARPAnet. During the seventies, the first viruses appeared on this network, which was developed for military purposes and later became a universal tool. Robert Thomas was the engineer who developed the first malware, called “creeper”. He realized that it was possible for a computer program to move across networks and leave a mark. Taking inspiration from Thomas’ malware, Ray […]

Telsy is working for the planet

Plastic is a term derived from the Latin “plasticus”, an evolution of the Greek term “plastikos”, which was used to describe something capable of being easily modelled. Today “plastics” or “plastic materials” are the terms used to describe an extremely large family of very different materials with different characteristics, properties and uses, which, with today's increased production and everyday usage, are now contributing heavily to damaging our planet. A quarter of the plastic waste produced is released into nature every year and 600,000 tonnes end up polluting the Mediterranean Sea. It’s the equivalent of roughly 563 plastic bottles being dumped into the Mediterranean Sea every second. The root cause […]

DeadlyKiss: Hit one to rule them all. Telsy discovered a probably still unknown and untreated APT malware aimed at compromising Internet Service Providers

In the first days of September 2019, the Telsy Cyber Threat Intelligence Unit received a variant of a strange and initially mysterious malware from a stream of thousands of samples coming from a partner operating in the telecommunications and internet connectivity sector. Although the sample had not been shared with much accompanying information, it immediately seemed quite clear that the object under analysis was not something commonly observed. Indeed, a clear picture emerged of an advanced, rare and extremely evasion-oriented malware, which implements effective layered obfuscation techniques and adopts many solutions dedicated to operating “under the radar”. Finding no publicly known evidence […]

Zebrocy relies on Dropbox and remote template injection to supply its dishes to an institution of the Eastern European diplomatic sector.

// Introduction

On the 22nd of August 2019, a new spear-phishing email message was collected by the Telsy CTI Team. This malicious email was armed with an attached lure document designed to infect and steal data from victim systems after executing a sequence of multi-stage malicious instructions.

// Actor Profiling

Zebrocy has been considered for years a subgroup of Sofacy (aka APT28, aka Fancy Bear, aka Group 74). However, it appears very different from the latter, mainly due to its lower level of sophistication and its extensive use of a great many development languages. Zebrocy also has a tendency to acquire and use publicly available code from sharing platforms […]

PRIMITIVE BEAR USES A NATO-THEMED LURE DOCUMENT TO TARGET UKRAINIAN GOVERNMENT AND DEFENSE AGENCIES

Recently we caught a NATO-themed malicious lure document likely associated with a new PRIMITIVE BEAR operation conducted against Ukrainian defense and government agencies. According to its metadata, the document is newly created (exactly on 22/07/2019) and aims to replicate an official press release from the Main Directorate of Intelligence of the Ukrainian Ministry of Defense. The press release concerned a meeting between representatives of the Ukrainian Ministry of Information Policy, the Ukrainian Ministry of Foreign Affairs, the Ukrainian National Institute for Strategic Studies, and NATO’s Strategic Communications division. It’s originally entitled “Представники ГУР МО України провели брифінг для експертів зі стратегічних комунікацій країн – членів НАТО” or, translated […]

Unknown threat actor is using Agent Tesla variants against Oil&Gas and Energy Sector

On 02/07/2019, Telsy TRT caught a new malware variant belonging to the Agent Tesla family, addressed to companies operating in the Energy and Oil&Gas sector. Among these organizations, Telsy identifies a very large Italian company with a strong international presence, especially in the UAE area.

Attack Vector

As in many cases we usually observe, the main attack vector used for spreading the malicious payload is email. In this case, we were able to collect some malicious messages sent by the threat actor to different targets; these messages are designed to spoof the identity of what we believe to be a real person involved in the engineering field in the UAE area. Indeed, we believe […]

Seminar – “An introduction to secure multi – party computation”

Telsy seminar by Giuseppe D’Alconzo entitled “An introduction to secure multi-party computation”. The seminar, organized with The Polytechnic University of Turin, will be held on Monday 15 July at 14.30 PM in the Polytechnic’s Aula Buzano – Dipartimento di Scienze Matematiche. Abstract: Secure Multi Party Computation (MPC) is a branch of cryptography that allows a set of players to evaluate a public function on private inputs, revealing no information about them apart from the computed output. It is an alternative to the strong assumption of the existence of a trusted party. It was born in the 1980s as a theoretical and not very tractable field because of its computational […]

Telsy launches SecureDNS. The first freely available Italian DNS service aimed at Privacy and Internet Security.

What is Telsy SecureDNS?

Telsy SecureDNS is a service able to apply effective security filters to the DNS requests that your computers and peripherals make to communicate with the outside world. It does this by applying risk analysis algorithms to every single “resolution” request it manages. The clear advantage of this solution is that you can drastically reduce your level of risk against many cyber threats. Another clear advantage is that… it’s free for Telsy Free SecureDNS.

What is DNS?

The DNS protocol is the basis of the Internet and of all online activities. It allows the conversion of a domain name (such as, for example, www.google.com) into numerical addresses […]

Seminar by Prof. Desmedt, 1 July 2019

Seminar by Professor Yvo Desmedt entitled “Private and reliable communication with untrusted components”. The seminar, organized by Telsy in collaboration with the Politecnico di Torino, will be held on Monday 1 July 2019 at 14:00 in room 7 of the DISMA at the Politecnico, Corso Duca degli Abruzzi 24, Torino. Abstract: Due to the US boycott of Huawei that started in August, 2018, the (in)security of network components is in the spotlight. This problem is not unique to modern telecommunication networks, but one can also have untrusted couriers. This was demonstrated recently by FedEx when two packages containing Huawei documents, being shipped to China from Japan, were diverted to the U.S. without authorization. […]

Recent “CEO Fraud” campaign is spreading within EU and already made victims. Telsy TRT joined an international collaborative effort for researching and mitigating the threat.

In the first days of May 2019, Telsy TRT joined a collaborative international effort aimed at studying, researching and mitigating a recent malicious campaign carried out by a criminal gang we internally track as #TA-927. Our collaboration has mainly seen, among others, Theo Geurts as an active member of the ICANN community. He has been an essential part of our mitigation efforts. According to Wikipedia, ICANN is the organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the global Internet network. “CEO Fraud” attempts are not uncommon. Recently, an Italian organization has been hit by a similar attack. […]