Cybersecurity Incident Response Team (CSIRT)

Are you experiencing an ongoing Cyberattack, Ransomware, Fraud, DDOS or Business Email Compromise?

Victim of a cybercrime?

Under Attack?

Don't Wait! Call now for a free situation assessment and initial advisory:

If you’re a private citizen and a victim of cybercrime, don’t hesitate to contact your local authorities and/or insurance company.

All urgent or sensitive communications should be performed using PGP to csirt[@] or by calling the numbers listed below.

cybersecurity monitoring

Communication With the Incident Response Team

Always Use PGP for Secure Communication

Truesec CSIRT may be reached at csirt[@], and the PGP public key for the address csirt[@] is used to digitally sign or encrypt communications. We recommend that parties communicating with the CSIRT use PGP as well.

Additional communication channels, such as Teams and Signal, are available for communications between Truesec CSIRT and its constituency.

Main Postal Address:
Truesec CSIRT, Luntmakargatan 18, 111 37 Stockholm, Sweden

Certified Cybersecurity Professionals

Trusted by Fortune 500 companies for robust incident handling.

Truesec has the full service offering for governance, risk and compliance

Expert Cybersecurity Incident Response and Crisis Management

Our team includes experienced cybersecurity professionals, forensic investigators, incident response managers, crisis managers, and cyberlaw experts. Have a proven track record of handling complex breaches for Fortune 500 companies and top insurance providers.

By using insights from our Managed Detect & Response Services and our extensive experience with major global cyber incidents, we excel at tracking threat actors, identifying vulnerabilities, and monitoring activity on the dark web. This expertise helps us to identify a and adjust to changing attack strategies, providing a strong post breach posture for our clients.

Quickly mitigate and resolve breaches.

Expert Digital Forensics and Cyber Incident Management

Trusted by Leaders

Truesec has built a solid reputation as a trusted authority in incident response and has successfully handled complex incidents for Fortune 500 companies and leading insurance providers.

Proven Track Record

Our team commits more than 35,000 hours each year to managing incident responses and investigating breaches. Our vast experience in diverse industries allows us to deliver quick, efficient, and dependable solutions to all types of cybersecurity challenges.

Industry Recognition

Truesec’s incident response services have been recognized by industry experts and customers alike. We have received numerous accolades and industry awards for our exceptional performance, rapid response time, and effective incident resolution.

Rapid Breach Response With a Impressive Track Record

Full-time incident response professionals
Additional cyber specialists leveraging specific skills
Hours of breach response during the last 12 months

We Help Minimize the Impact of a Cyber Breach

Immediate Incident Response

When an IT environment is compromised, sensitive data is leaked or encrypted, or unauthorized network activity is detected. When we get the call, we respond immediately.

Remote or Onsite Support

Like a fire brigade, our team quickly assesses the situation and if needed takes the first available flight to the customer’s location to contain the situation.

Forensic Investigation & Infrastructure Recovery

We then initiate a forensic investigation to determine the entry point, affected systems, and potential data extraction. Simultaneously, a incident manager coordinates crisis management and cyberlaw while another team starts to rebuilds the infrastructure and salvages as much data as possible. Customers often compare our arrival to a emergency response team, experiencing relief when we are onsite.

We Handle Most Major Incidents in Sweden

We’re generally not allowed to disclose our clients, but we’ve been involved in nearly all major incidents in Sweden, many of which have made the news. We work tirelessly—days, nights, and weekends—during these incidents because the survival of the breached company may be at stake.

Born out of recovery

Our team consists of highly skilled professionals who can operate, recover, or rebuild IT environments from scratch using the latest technology and security features, all under considerable pressure. Our extensive experience with various IT environments gives us unique insights into hardening and preventing similar incidents in the future.

Our incident response method builds on the following 7 steps

Our CSIRT Operations Methodology

01 Initial Contact/Startup Meeting

Meet With an Incident Manager

Truesec’s Incident Manager, in collaboration with your IT personnel, will help to quickly establish what occurred and the extent of the intrusion and develop an action plan. We’ll also assist you in establishing alternative communication channels, as your email will most likely be compromised.

02 Preparation

Collect Information

Our experts will begin the investigation by preparing the environment to collect information to understand the environment and the incident. This will involve interviews and data collection. Securing evidence for later analysis is imperative, as any information can be crucial.

03 Containment

Limit the Damage

In the containment workflow, we perform activities to limit the damage/breach. At an early stage in the incident response we’ll initiate active security monitoring by the Truesec Security Operations Center (SOC) to ensure visibility into the environment. This is beneficial if the threat actor tries to breach or move around within the environment.


04 Forensic Analysis and Investigation

The Investigation Begins

In this workflow, we initiate a forensic investigation to secure traces of the threat actor, determine if any company or personal data has been breached or exfiltrated, and determine what the threat actor has done within the environment. This determines in exact detail how the threat actor breached the system. We also conduct threat intelligence on the attackers by analyzing the dark web and locating other relevant leaked information.

05 Eradication

Kickout and Cleaning

Based on the forensic investigation results, exact measures will be taken to eradicate the threat actor from the environment. This is to remove any remaining artifacts associated with the threat actor and restore the environment to a clean state.

06 Recover and Rebuild Systems

Recover and Rebuild Systems

In the recovery workflow, the activities aim to recover operational capacity in the most effective yet secure way possible. If required, we can also help rebuild systems that cannot be restored.

07 Final Report/Post-Incident

Debriefing and Reporting

Following the incident response and recovery, Truesec CSIRT will finalize an incident report and provide a debriefing, ensuring your organization’s operational procedures and incident response plans can be updated to reflect the knowledge gained from the incident. Truesec can also provide active security monitoring for a predetermined time to ensure a smooth return to regular operation.

Post Breach Services

Once the time sensitive and critical part of the incident is over, post-breach kicks into action. This includes training of staff, documentation of new processes, identifying and removing all threat actor artefacts, restore of non critical systems and replacement  affected infrastructure if necessary.

A Trusted and Certified CSIRT