We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Measuring Ukraine Attacks Since Feb 24
CERT-UA reports 1,123 cyber attacks on Ukraine since the Russian invasion on February 24, 2022. The attacks targeted critical sectors, including government, defense, energy, financial, and telecommunication. Hackers aimed to gather information, deliver malware, and disrupt Ukraine’s activities. Key sectors affected include government and local authorities with 260 attacks, security and defense with 154 attacks, commercial organizations with 83 attacks, and the financial sector with 72 attacks.
Instagram Blue Badge Latest Phishing Lure
Researchers at Vade have discovered a phishing campaign using Instagram's blue badge as bait to collect personal information and credentials. The campaign, starting in July 2022, targeted victims with emails directing them to a web form. Social media platforms are the fourth most impersonated, following financial services, government, and internet/telecommunication organizations.
LockBit Faces DDoS Attack Of Their Own
On August 19, 2022, LockBit's attempt to leak 300GB of Entrust data was disrupted by a DDoS attack. LockBitSupp announced improvements to their infrastructure and a new triple extortion scheme: encryption, data leak, and DDoS attacks. The group is actively recruiting DDoS attackers. Despite the attack, LockBit released the Entrust data via a legitimate torrent.
Ragnar Locker Ransomware Attacked Energy Sector
Cybereason reports Ragnar Locker ransomware's attack on Greek natural gas operator DESFA on August 23, 2022, with no impact on gas supply. The attack involved data collection, shadow copy deletion, and encryption. This incident marks the fourth recent ransomware attack on energy providers, including ENN Group, Creos/Encevo, and South Staffordshire PLC.
Trend Mico Takes a Deep Dive into Black Basta Ransomware
Trend Micro's research into Black Basta ransomware highlights the group's targeted approach, affecting industries such as apparel, finance, and technology. Active since April 2022, Black Basta uses spear phishing to deploy Qakbot malware and PowerShell scripts for reconnaissance and lateral movement. Exploiting PrintNightmare for privilege escalation and using Rclone for data exfiltration, the group has been most active in June 2022.
Threat Actors JuiceLedger's Newest Attack Campaign Uses PyPI Phishing
Collective research by Checkmarx and SentinelOne reveals JuiceLedger's recent phishing campaign, targeting PyPI packages with JuiceStealer malware. The attack starts with a Google validation-themed phishing email leading to credential harvesting. Poisoned packages such as exotel and spam were downloaded over 680,000 times before being taken down. Contributors are advised to use two-factor authentication to safeguard their packages.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
