We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk-, pattern-, and sequence-based detections that combine the outputs of Threat Identifiers to surface actual threats rather than isolated behaviors.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• Research Articles
Forge Report: First Half Threat Trends of 2024
All Threat Reports
CryWiper Disguises as Ransomware Attacks Russian Organizations
Kaspersky uncovers CryWiper, a data-destruction malware posing as ransomware and targeting Russian organizations. CryWiper overwrites file contents with pseudorandom data, deletes volume shadow copies, and disables RDP connections. Although it drops a ransom note, recovery is impossible: the malware is built to destroy data permanently, not to extort.
Killnet's DDoS Streak
Pro-Russian threat group Killnet continues its DDoS campaign, targeting Starlink, the White House, and UK government websites. Trustwave verified that these attacks disrupted services. Killnet has announced further attacks against UK industries in finance, military, and healthcare.
Threat Actors Abuse RDP
Cyble researchers highlight the risk of RDP ports exposed to the internet, which threat actors routinely brute-force or exploit to gain an initial foothold. Over the past three months they tracked more than 4.7 million exploitation attempts, originating from countries including the US, South Korea, and India. Ransomware groups such as Daixin Team and MedusaLocker are active in this space.
Red Canary: October 2022 Intelligence Insights
Red Canary's October 2022 intelligence update ranks Qakbot as the top threat, with Mimikatz surging to third place. Other top threats include Impacket, BloodHound, and Raspberry Robin. The report highlights Qakbot's fluctuating activity levels and its use of LOLBins such as regsvr32 and rundll32 to make network connections.
APT37 Drops New Dolphin Malware
ESET researchers identify Dolphin, a new backdoor used by North Korean APT37 against South Korean government, military, and media entities. Dolphin's capabilities include data collection, credential theft, and screenshot capture. It relies on a Python loader for persistence, uses Google Drive for command and control, and has gained new features since it was first seen in April 2021.
US Agencies Release Updates for Cuba Ransomware
CISA and the FBI issue an updated advisory on Cuba ransomware, whose operators have compromised over 100 organizations globally and collected roughly $60 million in ransoms. Targeting sectors such as critical infrastructure, finance, and healthcare, the operators use Hancitor malware for initial access and exploit vulnerabilities such as ZeroLogon (CVE-2020-1472) for privilege escalation. The group has no known link to the Republic of Cuba.

About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats and provide the community, and our customers, with actionable information and enterprise-ready detections to defend themselves in an ever-changing threat landscape.

Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors, paired with the threat scenarios or threat identifiers that can be deployed in response.
Strategic
General information security news, for awareness.
Whitepapers

The World's Best SOC Teams Use Anvilogic
Build Detections You Want, Where You Want