Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
All Threat Reports
#StopRansomware Offers Defensive Strategies for Rhysida Ransomware
The joint advisory by CISA and the FBI sheds light on the opportunistic Rhysida ransomware gang, known for targeting a wide range of sectors including education, healthcare, and technology. The advisory reveals Rhysida's approach of exploiting compromised credentials and remote services, including the use of the Zerologon vulnerability.
Fortinet Presents An In-Depth View of a Rhysida Intrusion
Fortinet's Managed Detection and Response team provides a thorough analysis of the Rhysida ransomware group, recently highlighted in CISA's #StopRansomware advisory. This ransomware-as-a-service has affected over 50 organizations, primarily in the United States, Germany, France, Italy, and England, with education, manufacturing, technology, government, and construction being the most targeted sectors.
Boeing Supplements CISA Advisory for LockBit's Abuse of Citrix Bleed Vulnerability
A joint Cybersecurity Advisory, aided by Boeing and Kevin Beaumont, focuses on the threat of LockBit 3.0 ransomware exploiting the Citrix Bleed vulnerability (CVE-2023-4966). This vulnerability allows bypassing password and MFA requirements, enabling session hijacking on Citrix NetScaler ADC and Gateway appliances.
Job Centric Themes Fueling Two North Korean Campaigns
Unit 42 reveals two North Korean state-sponsored cyber campaigns, "Contagious Interview" and "Wagemole," exploiting job-centric themes. "Contagious Interview" targets software developers with simulated job interviews and collaboration hubs like GitHub, deploying malware like BeaverTail and InvisibleFerret for cryptocurrency theft, keylogging, and credential theft.
CISA Updates Advisory for Royal Ransomware Gang, Amassed $275 Million in Ransom
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its advisory on the Royal ransomware group, revealing its significant global impact since September 2022. The group, suspected of rebranding to 'Blacksuit,' has targeted over 350 victims worldwide, particularly in critical sectors, accumulating ransoms exceeding $275 million. Utilizing phishing, RDP, and exploiting vulnerable applications, Royal gains initial access, later employing tools like Chisel, Cobalt Strike, and leveraging Qakbot C2 infrastructure.
Insights of a Dangerously Proficient Social Engineering Group, Scattered Spider
The FBI and CISA's latest advisory focuses on Scattered Spider, a threat group also known as Starfraud, UNC3944, Scatter Swine, and Muddled Libra, renowned for their advanced social engineering techniques. The group, displaying skill sets overlapping with Microsoft's Octo Tempest, engages in sophisticated phishing, push bombing, and SIM swap attacks to acquire credentials and bypass multi-factor authentication (MFA).
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• Research Articles
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
The World's Best SOC Teams Use Anvilogic