We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• Research Articles
Forge Report: First Half Threat Trends of 2024
All Threat Reports
A Compromised Ministry of Defense Account Spreads Info-Stealer in Ukraine
CERT-UA reports phishing emails from a compromised Ukrainian Ministry of Defense account targeting DELTA system users. The emails contain a zip file with 'FateGrab' and 'StealDeal' info-stealer malware, masquerading as certificate updates. The malware collects browser data and various file types from infected systems.
New Exploit OWASSRF Bypasses ProxyNotShell Mitigations
CrowdStrike discovers OWASSRF, an exploit bypassing ProxyNotShell mitigations with CVE-2022-41080 and CVE-2022-41082. This new method was identified during a Play ransomware intrusion investigation. Organizations are urged to apply Microsoft's November 8th, 2022 patches to mitigate this threat.
Raspberry Robin Adding Layers of Deception
Trend Micro reports new infection routines from Raspberry Robin, using fake payloads and obfuscation to avoid detection. Targeting government and telecommunications sectors, the malware aims for cyber-espionage and data theft. Infections begin with a malicious USB drive, deploying payloads to evade security solutions and virtual machines.
Russian APT Gamaredon: A Critical Player Against Ukraine
Palo Alto Unit42 details Gamaredon's significant role in the Russia-Ukraine conflict, targeting Ukraine with sophisticated cyber campaigns. Using fast-flux DNS, Telegram for C2 lookups, and phishing with LOLBins, Gamaredon continually evolves its tactics, proving to be a persistent threat.
The Potency And Proficiency of Royal Ransomware
Cybereason explores the Royal ransomware group's sophisticated techniques and potential ties to the disbanded Conti gang. Emerging in mid-2022, Royal employs novel partial encryption and multi-threading methods, making it a formidable threat. The group targets various industries, predominantly in the United States.
Uber Experiences Another Cyber Incident
BleepingComputer reports Uber's second cyber incident in three months, with threat actor 'UberLeaks' exposing corporate and IT information on a breach forum. Uber attributes the breach to a third-party vendor, stating it is unrelated to the September 2022 breach. No customer data is believed to be compromised.

About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever-changing threat landscape.

Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers

The World's Best SOC Teams Use Anvilogic
Build Detections You Want, Where You Want