Tag Archives: Cyber Threat Intelligence

SolarWinds Attack: Italy activates the Cyber Security Nucleus

Following tampering with a number of SolarWinds Orion platform updates in March, hackers infiltrated the networks and computer systems of government and private entities around the world, spying on their moves and, in some cases, stealing highly sensitive data assets. Unfortunately, the attack has also affected our country. From the early stages of the discovery, Italy activated the Cyber Security Nucleus, the collegiate body entrusted with managing cyber incidents that could have a potential impact on national security. The Cyber Security Nucleus: what is this? According to the current legislation that regulates the activities of the Information Security Department (DIS) of the Presidency of […]

When a false flag doesn’t work: Exploring the digital-crime underground at campaign preparation stage

At the beginning of October 2020 we found a copy of a malicious document potentially attributable to an APT group known as APT34 / OilRig. The attribution, based on several elements found within the malicious document, was first reported by a security researcher through a social network. According to the extracted evidence, the author “signed” this malicious document by leaving his/her username within the document metadata. This nickname was already widely known within the Cyber Threat Intelligence field because it was attributed to a member of the already mentioned threat group. Indeed this nickname is Iamfarhadzadeh, linked to Mohammad Farhadzadeh, believed to be a member of the hacking unit identified […]

Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene

Recently Telsy observed some artifacts related to an attack that occurred in June 2020 that is most likely linked to the well-known Russian Advanced Persistent Threat (APT) known as Venomous Bear (aka Turla or Uroburos). To the best of our knowledge, this time the hacking group used a previously unseen implant, that we internally named “NewPass” as one of the parameters used to send exfiltrated data to the command and control. Telsy suspects this implant has been used to target at least one European Union country in the sector of diplomacy and foreign affairs. NewPass is quite a complex malware composed of different components that rely on an encoded file to […]

Telsy’s report on UniCredit’s data breach went viral worldwide

On the evening of April 19, Telsy reported that the personal data of about 3000 employees of the UniCredit S.p.A. bank, one of the largest banks in Italy, had been put on sale on cybercrime forums. According to the seller, the leak contains information about thousands of employees, including emails, phone numbers, encrypted passwords, last names and first names. The database was found available on at least two cyber-crime and hacking related forums. In the following hours the article published by Telsy on its blog (which can be found at the following link) was reported by several major news agencies worldwide. Telsy’s CEO, Emanuele Spoto, commented: “Yesterday […]

Tamper detection technologies: it takes a thief to catch a thief

Tamper detection technologies are already present in our everyday life, even when we are not aware that they can be called by that name. Tamper detection and tamper evidence methods are already in use in many common situations. They provide proof of unauthorized access to the inner components of a device (i.e. it can void the warranty) or even just of a luxury good in department stores. We speak about tamper evidence when the goal is to reveal the unauthorized access upon examination by a human, and about tamper detection when we implement some sort of automatic action in response to the event. Baseline, tamper evidence and detection methods detect […]
