We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
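As an added illustration of the two-tier idea above (this is example code written for this page, not Anvilogic's own detection content), the block below runs two atomic Threat Identifiers over a handful of constructed endpoint events and then a sequence-based Threat Scenario over the identifier hits. The identifier names, the destination ports treated as Tor-associated, and the ten-minute correlation window are all assumptions chosen for the example; the sequence (scheduled-task creation followed by an outbound connection from the same host) loosely mirrors the scheduled-task tradecraft in the Mandiant report summarized further down this page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). Four hosts, each exercising a
# different outcome: true positive, wrong order, outside window, wrong command.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:00:00", "host": "ws-01", "type": "process",
     "image": "C:\\Windows\\System32\\schtasks.exe",
     "cmdline": 'schtasks /create /tn "Updater" /tr "C:\\Users\\Public\\u.exe" /sc minute /mo 5'},
    {"ts": "2024-03-01T09:03:00", "host": "ws-01", "type": "network",
     "image": "C:\\Users\\Public\\u.exe", "dst_port": 9001},
    {"ts": "2024-03-01T10:00:00", "host": "ws-02", "type": "network",
     "image": "C:\\Users\\Public\\u.exe", "dst_port": 9001},
    {"ts": "2024-03-01T10:02:00", "host": "ws-02", "type": "process",
     "image": "C:\\Windows\\System32\\schtasks.exe",
     "cmdline": 'schtasks /create /tn "Sync" /tr "C:\\Users\\Public\\u.exe" /sc hourly'},
    {"ts": "2024-03-01T11:00:00", "host": "ws-03", "type": "process",
     "image": "C:\\Windows\\System32\\schtasks.exe",
     "cmdline": 'schtasks /create /tn "Backup" /tr "C:\\Users\\Public\\b.exe" /sc daily'},
    {"ts": "2024-03-01T11:30:00", "host": "ws-03", "type": "network",
     "image": "C:\\Users\\Public\\b.exe", "dst_port": 9030},
    {"ts": "2024-03-01T12:00:00", "host": "ws-04", "type": "process",
     "image": "C:\\Windows\\System32\\schtasks.exe", "cmdline": "schtasks /query /fo LIST"},
    {"ts": "2024-03-01T12:01:00", "host": "ws-04", "type": "network",
     "image": "C:\\Windows\\System32\\svchost.exe", "dst_port": 9001},
]


@dataclass
class Hit:
    """One atomic identifier firing on one event."""
    identifier: str
    ts: datetime
    host: str
    event: dict


# --- Threat Identifiers: each inspects a single event in isolation -----------
def ti_schtasks_create(ev):
    return (ev["type"] == "process"
            and ev["image"].lower().endswith("\\schtasks.exe")
            and "/create" in ev["cmdline"].lower())


TOR_PORTS = {9001, 9030}  # assumption for this example: ports treated as Tor-associated


def ti_outbound_tor_port(ev):
    return ev["type"] == "network" and ev["dst_port"] in TOR_PORTS


IDENTIFIERS = {
    "TI_SCHTASKS_CREATE": ti_schtasks_create,
    "TI_OUTBOUND_TOR_PORT": ti_outbound_tor_port,
}


def run_identifiers(events):
    """Evaluate every identifier against every event; return the atomic hits."""
    hits = []
    for ev in events:
        for name, check in IDENTIFIERS.items():
            if check(ev):
                hits.append(Hit(name, datetime.fromisoformat(ev["ts"]), ev["host"], ev))
    return hits


# --- Threat Scenario: sequence of identifiers on one host inside a window -----
def run_sequence_scenario(hits, sequence, window):
    """Fire when `sequence` of identifiers occurs on a single host, in order,
    with every step inside `window` of the first step."""
    by_host = {}
    for h in sorted(hits, key=lambda h: h.ts):
        by_host.setdefault(h.host, []).append(h)

    alerts = []
    for host, host_hits in by_host.items():
        for i, first in enumerate(host_hits):
            if first.identifier != sequence[0]:
                continue
            chain = [first]
            for later in host_hits[i + 1:]:
                if later.ts - first.ts > window:
                    break  # sorted by time, so nothing later can qualify
                if later.identifier == sequence[len(chain)]:
                    chain.append(later)
                    if len(chain) == len(sequence):
                        alerts.append({"host": host, "start": first.ts,
                                       "chain": [c.identifier for c in chain]})
                        break
    return alerts


def detect(events, window=timedelta(minutes=10)):
    """End to end: identifiers feed the scenario; only the scenario produces an alert."""
    hits = run_identifiers(events)
    return run_sequence_scenario(
        hits, ["TI_SCHTASKS_CREATE", "TI_OUTBOUND_TOR_PORT"], window)


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Of the four hosts only ws-01 alerts: ws-02 has the right identifiers in the wrong order, ws-03 exceeds the window, and ws-04 never triggers the scheduled-task identifier because the command is a query, not a creation. Both identifiers fire individually many times across the sample, which is the point of the split: the atomic hits are cheap, noisy building blocks, and the scenario layer is where they become an actual threat signal.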
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• Research Articles
Forge Report: First Half Threat Trends of 2024
All Threat Reports
Divergences in APT42 Targets Signal New Intelligence Requirements from Iran
Proofpoint notes a shift in APT42's targets and tactics, now including medical researchers, aerospace engineers, and travel agencies, suggesting new intelligence needs from Iran's IRGC. The group, known for credential harvesting, now uses more aggressive phishing and malware, indicating possible collaboration with other Iranian state branches.
Cloud Atlas Attacks Russian-Aligned Entities
Check Point researchers reveal Cloud Atlas's cyber-espionage activity targeting Russian and Belarusian entities amid the Russia-Ukraine conflict. Using phishing emails, PowerShell backdoors, and exploitation of Microsoft Equation Editor vulnerabilities, Cloud Atlas's TTPs have remained consistent. Recent focus areas include the Crimean Peninsula and breakaway regions of Ukraine.
Analyzing Operation LiberalFace, An Attack Against Japanese Politicians
ESET researchers expose Operation LiberalFace, a spearphishing campaign by the Chinese threat group MirrorFace. Targeting Japanese politicians ahead of the July 2022 election, the campaign used phishing emails to deploy LODEINFO malware and MirrorStealer credential stealer. The malware captures screenshots, keylogs, and exfiltrates credentials from web browsers and email clients.
Malicious Scheduled Tasks Reveal A Russian Campaign Against the Ukrainian Government
Mandiant identifies a Russian campaign against the Ukrainian government using trojanized ISO files masquerading as Windows 10 installers. The attack involves malicious scheduled tasks communicating with a Tor site, aiming to exfiltrate data. Linked to UNC4166 and GRU operations, the campaign reflects sophisticated espionage tactics.
Russian Threat Group Initiates Credential Harvesting Campaign Across Many Verticals
Recorded Future's Insikt Group reports Russian threat group TAG-53 targeting aerospace, defense, government, and other sectors in a credential harvesting campaign. The group, linked to Callisto Group, COLDRIVER, and SEABORGIUM, uses spoofed Microsoft login pages and recurring infrastructure traits like specific domain names and TLS certificates.
Russia's Cyber Aggression Against Ukraine May Escalate During Winter
Microsoft warns of escalating Russian cyber aggression against Ukraine's critical infrastructure during winter. Predictions include increased attacks on energy, water systems, and supply routes. The warning extends beyond Ukraine, with potential cyberattacks on countries aiding Ukraine, influenced by economic and social factors.

About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats in order to provide the community, and our customers, with actionable information and enterprise-ready detections so they can defend themselves in an ever-changing threat landscape.

Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers

The World's Best SOC Teams Use Anvilogic
Build Detections You Want, Where You Want