We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Ukrainian News Websites Hacked
On March 24th, 2022, Ukrainian news websites were hacked and defaced with the "Z" symbol. The State Service of Special Communication and Information Protection of Ukraine attributes the attacks to Russian threat actors. Despite the defacement, no data was compromised, and services are now restored.
Russian Central Bank Hacked by Anonymous
On March 24th, 2022, Anonymous hacked the Russian central bank and pension fund, threatening to release extensive data. The group executed a "printer attack" and wiped databases, supporting Ukraine in the ongoing conflict. The data release is expected within 5-20 days as exfiltration completes.
Ukraine Targeted by Chinese Threat Actor Group, Scarab
CERT-UA reports cyber activity from Chinese threat actor Scarab (UAC-0026) targeting Ukraine since March 25, 2022. The malicious RAR file "the preservation of video recordings of criminal actions of the army of the Russian Federation.rar" includes a lure document, DLL file, and batch file. Scarab’s objectives remain unknown.
Threat Group, InvisiMole Striking Ukraine
CERT-UA warns of InvisiMole attacks on Ukrainian military and diplomatic sectors. The group uses phishing campaigns to deliver LoadEdge backdoors. The attack chain involves ZIP archives, LNK files, and VBScript execution, with DNS tunneling and registry modifications to establish persistence and data collection.
Telegram Fuels Cyber Communication
Check Point research identifies a surge in Telegram groups during the Russia-Ukraine conflict, with some groups uniting over 250,000 users to coordinate cyberattacks and fraudulent support efforts. About 23% of observed groups aim to attack Russian targets, utilizing DDoS attacks and sharing results to bolster efforts.
Miratorg Agribusiness Holding - Ransomware Attack
On March 22, 2022, Miratorg Agribusiness Holding, a meat supplier based in Moscow, suffered a ransomware attack using Windows BitLocker. The attack, believed to be an act of sabotage rather than financially motivated, targeted VetIS, a state information system used by veterinary services and companies in the field. Miratorg suggests the attack may be linked to the Russia-Ukraine conflict, citing hostility from the West. The company is currently working to restore its business services.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
