We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Data Extortion Group Levels Up with their Own Ransomware
Donut Leaks, a data extortion group active since August 2022, now uses its own ransomware for double-extortion campaigns. They have targeted global organizations, including DESFA and Sheppard Robson. Their ransom notes feature creative ASCII art and command prompt graphics, showcasing their flair for theatrics.
DDoS Strikes European Parliament Site
'Anonymous Russia,' a pro-Russian hacktivist group, initiated a DDoS attack on the European Parliament website, causing an outage and displaying a "Secure Connection Failed" error. This attack follows the EU's designation of Russia as a state sponsor of terrorism. Killnet, another pro-Kremlin group, is also active in DDoS and ransomware attacks.
Growing Cyber Threats in Ukraine with New Ransomware Strain, RansomBoggs
ESET researchers discover RansomBoggs, a new ransomware strain targeting Ukrainian organizations, attributed to the Russian Sandworm group. The malware, written in .NET, uses PowerShell scripts for deployment, resembling past Sandworm tactics. References to Monsters Inc and ties to Prestige ransomware highlight Sandworm's ongoing cyber activities.
Insights from the Yanluowang Ransomware Chat Leaks
Trellix analyzes leaked chat logs from the Yanluowang ransomware group, revealing collaboration with HelloKitty, Babuk, and Conti ransomware groups. Despite having numerous compromised credentials, the group struggles with manpower to exploit them. Concerns about the Conti leaks and government attention are also highlighted.
Mustang Panda Target Asian Government Entities
Researcher Yoshihiro Ishikawa reports Mustang Panda's latest campaign targeting the Philippine government with Claimloader malware. Delivered via malicious ZIP files, the malware establishes persistence and communicates with C2 servers. The campaign, based on file names, might also target Japan in future operations.
Emulating Threat Activity from OilRig
MITRE Engenuity's emulation plan replicates the Iranian threat group OilRig's tactics, techniques, and procedures, focusing on their use of custom web shells, PowerShell operations, and unique data exfiltration. The 10-step plan provides valuable insights for security defenders to develop threat detection and improve defense strategies.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
