We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
CISA Warns of Cybercriminals Targeting Industrial Control Systems
Multiple United States government agencies, including the Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), have issued an advisory warning of potential attacks from advanced persistent threat (APT) groups targeting industrial control systems (ICS). Attackers have demonstrated the capability to gain full system control of ICS and supervisory control and data acquisition (SCADA) devices. CISA identified devices at risk, including Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers. Although a recent attack by Sandworm targeting a Ukrainian energy provider on April 8th, 2022, was prevented, the threat remains significant.
Spring Exploits
Trend Micro research identifies exploits in Spring Core (CVE-2022-22965) and Spring Cloud Functions (CVE-2022-22963), leading to Mirai malware installation. Initial exploitation attempts were traced to Singapore, involving webshell uploads, permission changes, and shell script execution to install Mirai samples on various CPU architectures.
Potential Attack on Indian Electricity Grid by RedEcho
Recorded Future suspects Chinese group RedEcho in a cyber attack on India's power grid, targeting seven State Load Despatch Centres in North India near the Ladakh border. The attack aims for prepositioning, disruption, and intelligence collection amid India-China border tensions. Recorded Future’s director suggests it could signal deterrence capabilities.
New AsyncRAT & 3LOSH Crypter Malware Campaigns
Cisco Talos research tracks the use of 3LOSH crypter in malware campaigns distributing AsyncRAT and LimeRAT. These campaigns begin with an ISO disk image and use PowerShell scripts to create persistence and evade detection in corporate environments, showing increased activity over recent months.
Nordex Group's Cyber Attack
Nordex Group, a wind turbine manufacturer, experienced a cyberattack on March 31, 2022, leading to a precautionary shutdown of IT systems globally. The company's incident response team, comprising internal and external experts, was activated immediately to contain the issue and assess potential exposure. No further updates have been provided.
ALPHV Ransomware Hits North Carolina A&T University
North Carolina A&T University was targeted by ALPHV ransomware between March 7-11, disrupting vital network services and compromising personal data. Recovery is ongoing, with significant student impact.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
