RST TI Report Digest: 24 Mar 2025
ID: 2d0ad48b-012a-556d-86f7-559e098756cd
STIX ID: report--2d0ad48b-012a-556d-86f7-559e098756cd
Feed Name: RST Cloud Blog
**Heavy metal: the new Telemancon group attacks industrial organizations** — F6 reports that Telemancon has targeted Russian industrial/engineering organizations since Feb 2023 using a bespoke dropper (TMCDROPPER) and a backdoor (TMCSHELL) capable of executing arbitrary PowerShell, employing evasive techniques such as certificate pinning and AES-256 encrypted communications; the report includes numerous IOCs (IPs, Telegra.ph lure URLs, and many file hashes) for detection and tracking.
