[Upcoming Webinar] Post Splunk: Your roadmap to adopting a cost-effective cloud-native security data lake at your own pace. Join us on October 3
Register Now
Skip to main content

Anvilogic Forge Threat Research Reports

Here you can find an accumulation of trending threats published weekly by the Anvilogic team.

Subscribe to Weekly Reports

Featured Threat Reports

09
-
14
-
2023
Agent Tesla & Equation Editor Vulnerabilities
Agent Tesla Exploits Equation Editor Flaws
See the Report
09
-
14
-
2023
Cryptominers Spread Through Advanced Installer
Advanced Installer Exploited for Cryptomining Malware
See the Report

All Threat Reports

Categories

All
Show More

Industries

All
Show More

Levels

All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
This is some text inside of a div block.
09
-
21
-
2023
Level:
Tactical
|
Source:
Symantec

Six Month Intrusion of an Asian Electrical Company

Threat actors, identified as Redfly, breached an Asian national grid for a total of six months, starting on February 28th, 2023, as reported by Symantec. Their operations, which culminated on August 3rd, included a series of actions like compromising credentials, using keyloggers, deploying drop loaders, and infecting additional network hosts. Notably, they showed a clear intent by targeting critical infrastructure organizations. While their attack pattern was intermittent, they were most active in May, showing several activities on specified dates, deploying payloads, stealing credentials, and establishing persistence. Their activity spiked again at the end of July. The persistent targeting of critical infrastructure by Redfly presents a significant threat, with the potential to disrupt essential services, particularly during politically tensed times.

Critical Infrastructure
This is some text inside of a div block.
09
-
21
-
2023
Level:
Tactical
|
Source:
Microsoft

Iran-Linked APT33/Peach Sandstorm Ongoing Password Spray Attacks Unveiled by Microsoft

Microsoft disclosed activities linked to Peach Sandstorm (known as APT33, Elfin, and Refined Kitten), an Iranian threat actor, launching password spray attacks since February 2023. The focus has been on industries like satellite, defense, and pharmaceuticals, especially in countries like Israel, the US, Brazil, and the UAE. This shift narrows down from their previous target sectors such as aviation and healthcare. The motive appears to be supporting Iranian state interests by collecting vital intelligence.

Defense
Pharmaceutical
Telecommunications
This is some text inside of a div block.
09
-
21
-
2023
Level:
Tactical
|
Source:
@Kostastsale - X

BumbleBee Swarms with QakBot's Takedown

Following the QakBot disruption by the FBI, there's been a surge in BumbleBee malware attacks. Kostas, a notable security researcher from the DFIR Report community, has outlined a BumbleBee tactic where the malware uses command line actions to map a network drive to a remote site, transfer user credentials, download a file, and search for 'notepad.exe' files. The method suggests potential file manipulation, highlighting the shifting tactics in the malware landscape post-QakBot's takedown.

Global
This is some text inside of a div block.
09
-
21
-
2023
Level:
Strategic
|
Source:
Brian Krebs

A String of CryptoWallet Thefts Point to Cracked LastPass Vaults

Following the 2022 LastPass data breach, investigative journalist Brian Krebs points to an alarming rise in CryptoWallet thefts. Key voices from the industry, such as MetaMask's Taylor Monahan and Unciphered's Nick Bax, echo these concerns. The ongoing situation underscores the vulnerabilities even in renowned security platforms and the increasing sophistication of cyber threats.

Technology
This is some text inside of a div block.
09
-
21
-
2023
Level:
Strategic
|
Source:
Microsoft

Storm-0324 An Enabler of Ransomware

Microsoft's latest research unveils the threat actor Storm-0324, active since 2016, now targeting via Microsoft Teams chats. Historically using email-based vectors with deceptive themes, their move signifies an evolution in attack strategy. They've distributed malware like IcedID and ransomware such as Sage. Notably, from 2019, Storm-0324 has primarily spread JSSLoader, which could escalate to a ransomware impact when handed to groups like Sangria Tempest.

Global
This is some text inside of a div block.
09
-
14
-
2023
Level:
Tactical
|
Source:
Okta

Okta Warns of a Intricate Attack Targeting Privileged Accounts

Recent findings from Okta reveal a meticulously crafted series of social engineering attacks targeting their US-based customers. These attackers aim for the most privileged admin accounts. After succeeding, they exploit identity federation features, mimicking users within the compromised organizations. Okta's insights show the threat actors possess either direct access to privileged account passwords or the ability to interfere with Active Directory. They've also leveraged a unique tactic by employing a secondary identity provider to act as an impersonation tool.

Global

About the Forge & Threat Reports

Deploy and maintain detections and threat hunt across all of your logging platforms and security tools without centralizing your data or deploying new agents.

Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever-changing threat landscape.

Sign Up For Weekly Threat Reports

We curate threat intelligence to provide situational awareness and actionable insights

Threat Identifier Detections

Atomic detections that serve as the foundation of our detection framework.

Threat Scenario Detections

Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.

Reports Hot Off the Forge

Threat News Reports
Trending Threat Reports
ResearchArticles

Intelligence Levels for Threat Reports

Tactical

Detectable threat behaviors for response with threat scenarios or threat identifiers.

Strategic

General information security news, for awareness.

Whitepapers

ESG Report: Trends in Modern Security Operations
White Paper
ESG Report: Trends in Modern Security Operations
White Paper: Supercharge Your Security Operations with a Modern SIEM Approach
White Paper
White Paper: Supercharge Your Security Operations with a Modern SIEM Approach
White Paper: Forge Threat Detection Success at the Pyramid Apex
White Paper
White Paper: Forge Threat Detection Success at the Pyramid Apex

The World's Best SOC Teams Use Anvilogic

Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo
Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
TJX Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo
Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
TJX Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo

Research to keep you up-to-date on threats

Learn More

Interested in joining the Anvilogic team?

See Careers

Scale Detection Engineering And Threat Hunting Across All Of Your Data Lakes And Security Tools.

Scale Detection Engineering And Threat Hunting Across All Of Your Data Lakes And Security Tools.

Book a Demo
Application & User Security
Cybersecurity Enforcement
User Security
Cybercrime
Russia and Ukraine
Cyberattack
Tactical Threat Detection
Vulnerability
Threat Actor Activities
Strategic InfoSec News
Ransomware News
Network Security
Featured
Mobile Security
Malware Campaigns
Data Breach
Internet of Things (IoT) Security
Critical Infrastructure Security
Application Security
Cloud Security