We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Okta Completes Investigation of January 2022 Breach
Okta's investigation into the January 2022 data breach reveals a smaller scope than initially anticipated. Only two customer tenants were accessed for 25 minutes, with no configuration changes or password resets. The breach stemmed from a compromised Sitel support engineer's workstation. Okta has since terminated its relationship with Sitel.
North Korean APT Groups Target Blockchain and Cryptocurrency Companies
CISA, FBI, and Treasury warn of North Korean APT groups targeting blockchain and cryptocurrency firms. Groups like Lazarus and APT38 use social engineering and trojanized apps in "TradeTraitor" campaigns to infiltrate systems, steal credentials, and execute fraudulent transactions.
Microsoft Analyzes & Disrupts Zloader
Microsoft's efforts, in collaboration with telecommunications providers, have led to the takedown of various ZLoader infrastructure. ZLoader malware is delivered through multiple attack chains, including emails with malicious links or attachments, and Google Ads leveraging compromised legitimate domains. Upon execution, a malicious MSI triggers PowerShell scripts to download the ZLoader payload. The modular malware creates persistence, downloads additional payloads, and conducts system enumeration to meet attackers' objectives.
BlackCat Breaches Florida International University
BlackCat (ALPHV) ransomware has breached Florida International University (FIU), claiming to have compromised approximately 1.2TB of data, including contracts, accounting documents, social security numbers, and email databases. FIU has acknowledged the ransomware group's claim but denies that sensitive information has been compromised. The investigation is ongoing.
Lapsus$ Breached SuperCare Health in July 2021
In July 2021, SuperCare Health, a California-based respiratory care provider, experienced a data breach by the Lapsus$ group, affecting 318,379 patients. Compromised data included patient names, birthdates, medical and insurance information, with some patients' social security numbers and driver's license information also exposed.
DHS Prevents Cyberattack on Hawaiian Telecommunications Company
The Department of Homeland Security (DHS) prevented a cyberattack on a Hawaiian telecommunications company utilizing underwater cables. DHS investigators received a tip, allowing them to disrupt the attack without causing any damage or disruption to Hawaii's telecommunication infrastructure.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
