We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Ukraine Targeted by Chinese Threat Actor Group, Scarab
CERT-UA reports cyber activity from Chinese threat actor Scarab (UAC-0026) targeting Ukraine since March 25, 2022. The malicious RAR file "the preservation of video recordings of criminal actions of the army of the Russian Federation.rar" includes a lure document, DLL file, and batch file. Scarab’s objectives remain unknown.
Threat Group, InvisiMole Striking Ukraine
CERT-UA warns of InvisiMole attacks on Ukrainian military and diplomatic sectors. The group uses phishing campaigns to deliver LoadEdge backdoors. The attack chain involves ZIP archives, LNK files, and VBScript execution, with DNS tunneling and registry modifications to establish persistence and data collection.
Telegram Fuels Cyber Communication
Check Point research identifies a surge in Telegram groups during the Russia-Ukraine conflict, with some groups uniting over 250,000 users to coordinate cyberattacks and fraudulent support efforts. About 23% of observed groups aim to attack Russian targets, utilizing DDoS attacks and sharing results to bolster efforts.
Miratorg Agribusiness Holding - Ransomware Attack
On March 22, 2022, Miratorg Agribusiness Holding, a meat supplier based in Moscow, suffered a ransomware attack using Windows BitLocker. The attack, believed to be an act of sabotage rather than financially motivated, targeted VetIS, a state information system used by veterinary services and companies in the field. Miratorg suggests the attack may be linked to the Russia-Ukraine conflict, citing hostility from the West. The company is currently working to restore its business services.
MicroBackdoor Attacks Ukraine
On March 9, 2022, Ukraine's Computer Emergency Response Team (CERT-UA) warned that MicroBackdoor malware is targeting Ukrainian government agencies. The malware, distributed via phishing emails, contains a zip file with files that execute malicious VBScript code. CERT-UA's intelligence indicates that the malware was created in January 2022.
HermeticRansom Ransomware Decryptor Released by Avast
Avast has released a decryptor for HermeticRansom, a ransomware component of HermeticWiper. CrowdStrike found a weakness in its encryption schema, allowing files to be decrypted. The ransomware, written in Go, serves as a decoy for the wiper and encrypts files in various paths. The flaw indicates possible inexperience or limited effort by the malware author.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
