We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Ragnar Locker Ransomware Attacked Energy Sector
Cybereason reports Ragnar Locker ransomware's attack on Greek natural gas operator DESFA on August 23, 2022, with no impact on gas supply. The attack involved data collection, shadow copy deletion, and encryption. This incident marks the fourth recent ransomware attack on energy providers, including ENN Group, Creos/Encevo, and South Staffordshire PLC.
Trend Mico Takes a Deep Dive into Black Basta Ransomware
Trend Micro's research into Black Basta ransomware highlights the group's targeted approach, affecting industries such as apparel, finance, and technology. Active since April 2022, Black Basta uses spear phishing to deploy Qakbot malware and PowerShell scripts for reconnaissance and lateral movement. Exploiting PrintNightmare for privilege escalation and using Rclone for data exfiltration, the group has been most active in June 2022.
Threat Actors JuiceLedger's Newest Attack Campaign Uses PyPI Phishing
Collective research by Checkmarx and SentinelOne reveals JuiceLedger's recent phishing campaign, targeting PyPI packages with JuiceStealer malware. The attack starts with a Google validation-themed phishing email leading to credential harvesting. Poisoned packages such as exotel and spam were downloaded over 680,000 times before being taken down. Contributors are advised to use two-factor authentication to safeguard their packages.
Office Macros and James Webb Telescope Images Used in Infection Chain
Securonix uncovers a phishing campaign leveraging NASA's James Webb telescope images and Office macros to spread Golang malware. The infection chain starts with a malicious document, downloading and executing a VBS macro, which then decodes a JPG file containing Base64 code. The malware establishes persistence and initiates a C2 connection, with new domains registered as recently as May 29, 2022.
LockBit Claims Hack On French Hospital
LockBit ransomware attacked the French Center Hospital Sud Francilien on August 21, 2022, demanding a $10 million ransom. The attack caused significant disruptions, diverting patient care to other facilities and delaying surgeries. The hospital is operating without IT services, leading to longer wait times and limited services.
Quantum Ransomware Attacks Government Agriculture Agency
Quantum ransomware attacked the Dominican Republic's Instituto Agrario Dominicano on August 18, 2022, demanding $650,000 in ransom. The attack compromised all servers, stealing 1TB of data. The agency, lacking security measures and funds, faces substantial damage with databases, applications, and emails affected.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
