We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Anonymous Group Hacks Federal Russian Agency
Anonymous hackers have breached Roskomnadzor, the Russian media censoring agency, in support of Ukraine. The attack, revealing 820GB of data, highlights the agency's censorship role in the conflict.
Utilizing Cloud Technology in Russia and Ukraine
On March 16th, 2022, AquaSec's Team Nautilus analyzed cloud technology use in the Russia-Ukraine conflict, focusing on public repositories like DockerHub and GitHub. They found significant DoS activity and resources aiding digital conflict, with DockerHub containing the most related resources.
Protestware
In protest of the Russia-Ukraine conflict, node-ipc developer Brandon Nozaki Miller released compromised versions 10.1.1 and 10.1.2, targeting users in Russia and Belarus. These versions corrupt files on the victim host, tracked as CVE-2022-23812. The sabotaged versions have been removed, and version 10.1.3 is now available without the malicious code.
Ukraine Targeted with Fraudulent Translation Software
On March 16th, 2022, SentinelOne reported that SaintBear is distributing fraudulent translation software in Ukraine to infect users with GrimPlant and GraphSteel malware. This campaign, active since February 2022, involves downloading additional payloads, running reconnaissance commands, establishing persistence, and collecting credentials.
Threat Group Delivers Cobalt Strike Through AV Updates
Ukrainian CERT warns of a phishing campaign by UAC-0056/Lorec53, delivering Cobalt Strike through fake antivirus updates. The campaign prompts users to download "itdefenderWindowsUpdatePackage.exe" which downloads a Cobalt Strike beacon from Discord. The attack establishes persistence, conducts reconnaissance, and executes commands on the victim host.
RURansom Wiper
TrendMicro reports the discovery of RURansom Wiper, a malware targeting Russian assets amid the Ukraine conflict. Detected between February 26 and March 2, 2022, the malware causes irreversible damage, without ransom demands. It executes only if the host's software or IP is Russian, with multiple variations observed.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
