We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Espionage Efforts from Chinese Threat Actor Targets Tibet
Recorded Future's research uncovers Chinese threat group TA413's espionage campaigns against the Tibetan community and European organizations. TA413 exploits vulnerabilities such as Follina and Sophos firewall flaws, using custom malware like the LOWZERO backdoor to target government, non-profit, and research entities.
The Dangers of Inbox Rules
Red Canary's latest report exposes how threat actors leverage email inbox rules for business email compromise (BEC). Attackers use auto-forwarding, rerouting, and deleting emails to gain persistence and exfiltrate data. Admin account compromises can lead to widespread rule creation, complicating incident response.
Analyzing TeamTNT Attacks
AquaSec researchers analyze TeamTNT's activities, revealing their attacks on cloud environments. TeamTNT targets misconfigured Docker instances to deploy Bitcoin encryption solvers and cryptominers. Their methods include using rootkits, creating cronjobs for persistence, and executing scripts via GitHub.
Zoom Impersonation Infection Tied to FIN11
CYFIRMA links the Russian threat group FIN11 to a Zoom impersonation campaign distributing Vidar malware. Fake Zoom domains hosted in Russia deliver malicious archives that infect users with information-stealing malware. The campaign aims to steal credentials, banking information, and crypto-wallet data.
Scammers Divert Funds from Teacher's Direct Deposit
Abnormal Security researchers identify a payroll diversion scam targeting teachers, attributed to the Chiffon Herring group. Scammers impersonate teachers, requesting HR to redirect paychecks to attacker-owned accounts. The group targets various educational institutions, exploiting publicly available personnel information.
Proofpoint Studies Threat Actor's Multi-Persona Impersonation Technique
Proofpoint researchers uncover APT35's use of Multi-Persona Impersonation (MPI) in email campaigns, involving multiple personas to increase email legitimacy. Targeting academics, policymakers, and researchers in medical and nuclear fields, these campaigns aim to collect intelligence, often using credential harvesting links.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
