We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Insights from the Yanluowang Ransomware Chat Leaks
Trellix analyzes leaked chat logs from the Yanluowang ransomware group, revealing collaboration with HelloKitty, Babuk, and Conti ransomware groups. Despite having numerous compromised credentials, the group struggles with manpower to exploit them. Concerns about the Conti leaks and government attention are also highlighted.
Mustang Panda Target Asian Government Entities
Researcher Yoshihiro Ishikawa reports Mustang Panda's latest campaign targeting the Philippine government with Claimloader malware. Delivered via malicious ZIP files, the malware establishes persistence and communicates with C2 servers. The campaign, based on file names, might also target Japan in future operations.
Emulating Threat Activity from OilRig
MITRE Engenuity's emulation plan replicates the Iranian threat group OilRig's tactics, techniques, and procedures, focusing on their use of custom web shells, PowerShell operations, and unique data exfiltration. The 10-step plan provides valuable insights for security defenders to develop threat detection and improve defense strategies.
Black Basta Initiate Aggressive Qakbot Campaigns
Cybereason reports Black Basta ransomware group's aggressive Qakbot campaigns targeting US entities. The group uses spearphishing emails and exploits vulnerabilities to deploy malware. They rapidly obtain domain administrator privileges and deploy ransomware, with observed campaigns targeting over 10 US entities starting November 14th, 2022.
An Elevate Cyberattack Surface Threatens Nuclear Facilities
Cyble reports rising cyber threats against nuclear facilities amid the Russia-Ukraine war. Vulnerabilities in networks and exposed sensitive data have led to breaches in countries like Russia, Taiwan, and Brazil. Leaked data, including source code and PII, could facilitate further attacks on these critical infrastructures.
Russian Code Discovered in U.S Government Agencies & Mobile App Stores
Reuters reports Pushwoosh, a Russian company posing as U.S-based, embedded code in U.S. Army and CDC apps. The code, now removed, was also found in over 8,000 mobile apps in app stores. This raises significant security concerns and potential FTC law violations, despite Pushwoosh's claims of data storage in the U.S. or Germany.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
