We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Venus Ransomware Attacks Healthcare Organizations
The U.S. Department of Health and Human Services reports the Venus ransomware group targeting healthcare organizations since August 2022. The group exploits open remote desktop services and encrypts files with a '.venus' extension. Despite not having a data leak site, Venus uses various contact methods, indicating multiple threat actors are distributing the ransomware.
DDoS Attacks From Hacktivists Haven't Been Heavy Hitters
The FBI's latest assessment reveals that hacktivist DDoS attacks have caused minor impacts, often targeting websites rather than critical services. Pro-Russian group Killnet has been active but with limited success, causing disruptions without significant service interruptions, including an attempted attack on the U.S. Treasury.
The Worrying State of Cybersecurity in Italy
Cyble Research raises concerns about Italy's cybersecurity, highlighting the rise in cyberattacks against critical industries. Italy, a top global exporter, faces threats exacerbated by the Russia-Ukraine conflict. Significant attacks include those on energy suppliers GSE and Eni, the Ministry of Defense, and Vodafone Italy.
Earth Longzhi Another Subgroup to APT41
Trend Micro identifies Earth Longzhi, a new subgroup of APT41, targeting East and Southeast Asia since 2020. Earth Longzhi exploits RCE vulnerabilities and uses phishing emails to deploy Cobalt Strike and custom tools for privilege escalation and credential dumping, impacting sectors like academics, aviation, and healthcare.
IPFS A Web3 Technology Used to Host Phishing & Malware
Cisco Talos identifies threat actors exploiting IPFS, a Web3 protocol, to host phishing and malware campaigns. Leveraging IPFS's low-cost and resilient storage, attackers deliver payloads like Agent Tesla via phishing emails. The platform's resistance to content moderation complicates detection, posing an increasing threat in 2022.
IceXLoader Makes an Impact After the Latest Update
Minerva Labs reports a surge in IceXLoader infections after the update to version 3.3.3. The malware now uses advanced evasion techniques, including AMSI bypass and Windows Defender disabling. It gains persistence through the Run registry and collects host information, making it a significant threat globally.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
