We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Black Basta Initiate Aggressive Qakbot Campaigns
Cybereason reports Black Basta ransomware group's aggressive Qakbot campaigns targeting US entities. The group uses spearphishing emails and exploits vulnerabilities to deploy malware. They rapidly obtain domain administrator privileges and deploy ransomware, with observed campaigns targeting over 10 US entities starting November 14th, 2022.
An Elevate Cyberattack Surface Threatens Nuclear Facilities
Cyble reports rising cyber threats against nuclear facilities amid the Russia-Ukraine war. Vulnerabilities in networks and exposed sensitive data have led to breaches in countries like Russia, Taiwan, and Brazil. Leaked data, including source code and PII, could facilitate further attacks on these critical infrastructures.
Russian Code Discovered in U.S Government Agencies & Mobile App Stores
Reuters reports Pushwoosh, a Russian company posing as U.S-based, embedded code in U.S. Army and CDC apps. The code, now removed, was also found in over 8,000 mobile apps in app stores. This raises significant security concerns and potential FTC law violations, despite Pushwoosh's claims of data storage in the U.S. or Germany.
Conti's Trails
Though the Conti ransomware group shut down in May 2022, its influence remains evident in the operations of Quantum, Black Basta, and Royal ransomware. These groups share tactics, techniques, and infrastructure linked to Conti, as highlighted by @BushidoToken. Conti's legacy endures in the evolving ransomware ecosystem.
Russian Hacktivists Create New Somnia Ransomware
CERT-UA reports that Russian hacktivists 'From Russia with Love' have created the Somnia ransomware, targeting Ukrainian organizations without demanding ransom. The ransomware acts as a data wiper, with no decryptor available. The group uses compromised credentials and mimics legitimate software for access, employing tools like AnyDesk and Cobalt Strike.
New Campaigns from Chinese Cyberespionage Group Lotus Blossom
Symantec researchers discover new campaigns by the Chinese cyberespionage group Lotus Blossom, targeting Asian certificate authorities, government, and defense sectors. Operating since 2009, the group uses custom backdoors Hannotog and Sagerunex, along with common tools for stealthy operations. Data collection and exfiltration remain their primary objectives.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
