We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Iranian-backed Threat Actor Exploits Log4Shell Vulnerability
A joint advisory from CISA and the FBI attributes an attack on a Federal Civilian Executive Branch organization to an Iranian-backed threat actor exploiting the Log4Shell vulnerability. The attackers deployed XMRig malware, used Mimikatz for credential theft, modified Windows Defender settings, and established persistence with Ngrok.
The Latest Hive Ransomware News
CISA's #StopRansomware update highlights Hive ransomware's impact, victimizing over 1,300 companies and demanding $100 million in ransoms. Active since June 2021, Hive targets various sectors using phishing, exploiting public-facing applications, and compromised credentials. Post-exploitation activities include tampering with defenses, data exfiltration, and reinfecting networks.
Emotet Storms Back
Proofpoint researchers report a resurgence of Emotet malware, with a significant increase in infected emails since November 2022. Emotet uses hijacked email threads and invoice-themed lures, deploying IcedID and Bumblebee loaders. To bypass security controls, victims are tricked into moving malicious Excel files into trusted system locations.
Venus Ransomware Attacks Healthcare Organizations
The U.S. Department of Health and Human Services reports the Venus ransomware group targeting healthcare organizations since August 2022. The group exploits open remote desktop services and encrypts files with a '.venus' extension. Despite not having a data leak site, Venus uses various contact methods, indicating multiple threat actors are distributing the ransomware.
DDoS Attacks From Hacktivists Haven't Been Heavy Hitters
The FBI's latest assessment reveals that hacktivist DDoS attacks have caused minor impacts, often targeting websites rather than critical services. Pro-Russian group Killnet has been active but with limited success, causing disruptions without significant service interruptions, including an attempted attack on the U.S. Treasury.
The Worrying State of Cybersecurity in Italy
Cyble Research raises concerns about Italy's cybersecurity, highlighting the rise in cyberattacks against critical industries. Italy, a top global exporter, faces threats exacerbated by the Russia-Ukraine conflict. Significant attacks include those on energy suppliers GSE and Eni, the Ministry of Defense, and Vodafone Italy.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
