The mathematics behind PQC: the codes

New post-quantum digital signature proposals: the second NIST competition

 View all
The Turla malware

Turla is one of the most advanced APTs (Advanced Persistent Threat) in the world. Also, Turla Group is a well-established collective that has been operational since at least 2004 Also...

 Read more
The Advanced Persistent Threats (APT)

“APT”, the acronym for Advanced Persistent Threat, indicates a type of targeted and persistent attacks carried out by opponents with considerable technical expertise and great resources. As the “Advanced” part...

 Read more
SideCopy APT: from Windows to *nix

Telsy Threat Intelligence team has observed a spear-phishing campaign conducted by cyber-espionage group SideCopy against critical government entities in India.    SideCopy APT: from Windows to *nix As previously published...

 Read more
When a false flag doesn’t work: Exploring the digital-crime underground at campaign preparation stage

At the beginning of October 2020 we found copy of a malicious document potentially to be attributed to an APT group known with the name of APT34 / OilRig. The...

 Read more
Operation “Space Race”: reaching the stars through professional Social Networks

At the beginning of May 2020, Telsy analyzed some social-engineering based attacks against individuals operating in the aerospace and avionics sector performed through the popular professional social network LinkedIn. According...

 Read more
Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene

  Recently Telsy observed some artifacts related to an attack that occurred in June 2020 that is most likely linked to the popular Russian Advanced Persistent Threat (APT) known as...

 Read more
APT34 (aka OilRig, aka Helix Kitten) attacks Lebanon government entities with MailDropper implants

Very recently another custom malicious implant that seems to be related to APT34 (aka OilRig) has been uploaded to a major malware analysis platform. Since 2014, year in which FireEye...

 Read more
Meeting POWERBAND: The APT33 .Net POWERTON variant

Introduction Since the Islamic revolution, US and regional rivals have put continuos effort in containing and isolating Iran. Implementing a foreign policy generally addressed as “strategic loneliness”, Iran’s defense strategy...

 Read more
The Lazarus’ gaze to the world: What is behind the first stone ?

Introduction Lazarus (aka APT38 / Hidden Cobra / Stardust Chollima) is one of the more prolific threat actors in the APT panorama. Since 2009, the group leveraged its capability in...

 Read more
DeadlyKiss: Hit one to rule them all. Telsy discovered a probable still unknown and untreated APT malware aimed at compromising Internet Service Providers

In the first days of September 2019, Telsy Cyber Threat Intelligence Unit received a variant of a strange and initially mysterious malware from a stream of thousands of samples coming...

 Read more