We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Office Macros and James Webb Telescope Images Used in Infection Chain
Securonix uncovers a phishing campaign leveraging NASA's James Webb telescope images and Office macros to spread Golang malware. The infection chain starts with a malicious document, downloading and executing a VBS macro, which then decodes a JPG file containing Base64 code. The malware establishes persistence and initiates a C2 connection, with new domains registered as recently as May 29, 2022.
LockBit Claims Hack On French Hospital
LockBit ransomware attacked the French Center Hospital Sud Francilien on August 21, 2022, demanding a $10 million ransom. The attack caused significant disruptions, diverting patient care to other facilities and delaying surgeries. The hospital is operating without IT services, leading to longer wait times and limited services.
Quantum Ransomware Attacks Government Agriculture Agency
Quantum ransomware attacked the Dominican Republic's Instituto Agrario Dominicano on August 18, 2022, demanding $650,000 in ransom. The attack compromised all servers, stealing 1TB of data. The agency, lacking security measures and funds, faces substantial damage with databases, applications, and emails affected.
Cyberattacks and Covid Maintain Challenges for Aviation and Travel Industry
Cyble reports that cyber threats continue to target the aviation and travel industries, exacerbated by Covid. Threat actors exploit poor cybersecurity practices, legacy systems, and insider threats, often stealing payment card information and loyalty rewards. Ransomware incidents by Quantum, RansomEXX, AlphaVM, and LockBit were notable in 2022.
0ktapus, An Okta Themed Phishing Campaign
Group-IB reveals the 0ktapus phishing campaign, impersonating Okta and targeting 130 organizations, resulting in 9,931 compromised accounts. The campaign, which began in March 2022, used 169 unique domains to obtain Okta credentials and 2FA codes from users across various industries.
MuddyWater APT Exploits Log4j
Microsoft reports the Iranian APT group MuddyWater exploiting the Log4Shell vulnerability (CVE-2021-44228) against Israeli organizations and targeting telecommunication sectors in the Middle East and Asia. The group exploits unpatched SysAid Server instances, uses tools like Mimikatz for credential theft, and establishes persistence via autorun registry keys.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
