Anvilogic Forge Threat Research Reports

Here you can find an accumulation of trending threats published weekly by the Anvilogic team.

All Threat Reports

Levels

All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
This is some text inside of a div block.
11
-
30
-
2023
Level:
Tactical
|
Source:

#StopRansomware Offers Defensive Strategies for Rhysida Ransomware

The joint advisory by CISA and the FBI sheds light on the opportunistic Rhysida ransomware gang, known for targeting a wide range of sectors including education, healthcare, and technology. The advisory reveals Rhysida's approach of exploiting compromised credentials and remote services, including the use of the Zerologon vulnerability.

Construction
Education
Food
Agriculture
Government
This is some text inside of a div block.
11
-
30
-
2023
Level:
Tactical
|
Source:

Fortinet Presents An In-Depth View of a Rhysida Intrusion

Fortinet's Managed Detection and Response team provides a thorough analysis of the Rhysida ransomware group, recently highlighted in CISA's #StopRansomware advisory. This ransomware-as-a-service has affected over 50 organizations, primarily in the United States, Germany, France, Italy, and England, with education, manufacturing, technology, government, and construction being the most targeted sectors.

Construction
Education
Food
Agriculture
Government
This is some text inside of a div block.
11
-
30
-
2023
Level:
Tactical
|
Source:

Boeing Supplements CISA Advisory for LockBit's Abuse of Citrix Bleed Vulnerability

A joint Cybersecurity Advisory, aided by Boeing and Kevin Beaumont, focuses on the threat of LockBit 3.0 ransomware exploiting the Citrix Bleed vulnerability (CVE-2023-4966). This vulnerability allows bypassing password and MFA requirements, enabling session hijacking on Citrix NetScaler ADC and Gateway appliances.

Global
This is some text inside of a div block.
11
-
30
-
2023
Level:
Strategic
|
Source:

Job Centric Themes Fueling Two North Korean Campaigns

Unit 42 reveals two North Korean state-sponsored cyber campaigns, "Contagious Interview" and "Wagemole," exploiting job-centric themes. "Contagious Interview" targets software developers with simulated job interviews and collaboration hubs like GitHub, deploying malware like BeaverTail and InvisibleFerret for cryptocurrency theft, keylogging, and credential theft.

Global
This is some text inside of a div block.
11
-
23
-
2023
Level:
Tactical
|
Source:

CISA Updates Advisory for Royal Ransomware Gang, Amassed $275 Million in Ransom

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its advisory on the Royal ransomware group, revealing its significant global impact since September 2022. The group, suspected of rebranding to 'Blacksuit,' has targeted over 350 victims worldwide, particularly in critical sectors, accumulating ransoms exceeding $275 million. Utilizing phishing, RDP, and exploiting vulnerable applications, Royal gains initial access, later employing tools like Chisel, Cobalt Strike, and leveraging Qakbot C2 infrastructure.

Global
This is some text inside of a div block.
11
-
23
-
2023
Level:
Tactical
|
Source:

Insights of a Dangerously Proficient Social Engineering Group, Scattered Spider

The FBI and CISA's latest advisory focuses on Scattered Spider, a threat group also known as Starfraud, UNC3944, Scatter Swine, and Muddled Libra, renowned for their advanced social engineering techniques. The group, displaying skill sets overlapping with Microsoft's Octo Tempest, engages in sophisticated phishing, push bombing, and SIM swap attacks to acquire credentials and bypass multi-factor authentication (MFA).

Global

We curate threat intelligence to provide situational awareness and actionable insights

Threat Identifier Detections

Atomic detections that serve as the foundation of our detection framework.

Threat Scenario Detections

Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.

Reports Hot Off the Forge

Threat News Reports
Trending Threat Reports
ResearchArticles

Intelligence Levels for Threat Reports

Tactical

Detectable threat behaviors for response with threat scenarios or threat identifiers.

Strategic

General information security news, for awareness.

The World's Best SOC Teams Use Anvilogic

Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo
Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
TJX Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo
Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
TJX Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo

Scale Detection Engineering And Threat Hunting Across All Of Your Data Lakes And Security Tools.

Scale Detection Engineering And Threat Hunting Across All Of Your Data Lakes And Security Tools.