We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Financially Motivated Group Eyes Hospitality and Travel Organizations
Proofpoint identifies TA558 as a financially motivated threat group targeting hospitality and travel sectors since 2018. Their phishing campaigns, focusing on Latin America, deploy various malware via reservation-themed emails. The group’s activity increased in 2022, using tactics like exploiting CVE-2017-11882 and PowerShell scripts.
Ukraine Remains Shuckworm's Focus
Shuckworm (Gamaredon) continues targeting Ukraine with recent campaigns distributing PowerShell malware. The malware captures screenshots and executes commands, adding to Shuckworm’s toolset of espionage tools. Symantec reports persistent efforts against Ukraine from July 15th to August 8th, 2022.
Microsoft Intervenes with SEABORGIUM’s Phishing Campaigns
Microsoft intervened against SEABORGIUM’s phishing campaigns targeting Baltics, Nordics, and Eastern Europe. SEABORGIUM, a Russian threat actor, focuses on espionage, using phishing and credential theft to exfiltrate data. Microsoft shut down accounts used by the group for surveillance and phishing.
New MikuBot Malware Available for Purchase in Cyber-Crime Forums
Cyble researchers discovered MikuBot, a new malware available for $1300 for 1.5 months. It targets Windows systems from Vista to 11, stealing data and enabling remote access via hidden VNC sessions. MikuBot spreads through USB, modifies Windows Defender settings, and provides a user interface for attackers.
Bumblebee Loader Not Losing Steam
Cybereason's research highlights Bumblebee loader infections initiated via LNK files in phishing emails. The campaign involved extensive reconnaissance, exploitation of Zerologon, and lateral movement using Cobalt Strike. Bumblebee replaces older loaders like BazarLoader, indicating evolving capabilities and ongoing development among threat actors.
The Price and Value of Stolen Data
SpiderLabs research reveals the value of stolen data, with cybercriminals selling PII for $0.20 to $50, credit cards for $8 to $1500, and bank account access for $100 to $3000. Organization access credentials fetch the highest prices, emphasizing the profitability of data theft for cybercriminals.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
