We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Malware Spreading on YouTube Videos Featuring Videogame Tutorials
Kaspersky researchers find RedLine malware in YouTube videogame tutorials. The malware is hidden in downloads masquerading as game cheats and cracks. It steals sensitive user data and uses infected YouTube accounts to propagate further, targeting popular game titles.
Gamaredon APT Targets Ukraine with Infostealer Campaign
Cisco Talos identifies an espionage campaign by Russian threat group Gamaredon targeting Ukrainian entities with a new infostealer malware. The attack begins with phishing emails containing weaponized documents that deploy macros to download and execute malicious scripts, establish persistence, and deploy the custom infostealer.
Asian Government Entities Targeted with Espionage Activity
Symantec reveals espionage campaigns targeting Asian government and state-owned entities, including aerospace, defense, and telecommunications sectors. The attackers, linked to ShadowPad RAT, used DLL side-loading and legitimate software packages to deploy malware and steal information. The campaigns involve long-term infiltration and are attributed to APT41 and Mustang Panda.
DDoS Targets Ransomware Operator's Cobalt Servers
AdvIntel CEO Vitali Kremez has identified DDoS attacks targeting ex-Conti Cobalt Strike servers, delivering anti-Russian messages. Despite Conti's shutdown in May 2022, their infrastructure is still used by former members. The DDoS attacks, occurring every two seconds, reflect a growing trend of offensive campaigns against ransomware groups.
Iranian Threat Group, APT42 Deploys Android Spyware
Mandiant uncovers APT42's cyber espionage campaigns deploying Android spyware to target individuals and organizations of interest to the Iranian government. The group focuses on credential harvesting and surveillance, with recent campaigns involving spear-phishing emails. APT42's targets include government officials, journalists, and academics.
Vice Society Claims Attack on Los Angeles Unified School District
Vice Society claims a ransomware attack on Los Angeles Unified School District (LAUSD), compromising 500GB of data. LAUSD, the second-largest US school district, is working with federal agencies, including the FBI and CISA, to recover and enhance security measures.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
