We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Meyer Corporation Ransomware Attack
On October 25, 2021, Meyer Corporation, a cookware distributor, suffered a ransomware attack, as reported by BleepingComputer. The incident review completed on December 1, 2021, identified the compromise of employee data, including names, addresses, dates of birth, social security numbers, passports, and government ID numbers. Subsidiaries such as Hestan Commercial Corporation and Hestan Vineyards were also affected. While Meyer Corporation's notification lacks specific details, BleepingComputer linked the attack to the Conti ransomware group, which posted 2% of the stolen data on their extortion site.
Financial Fraud with Exchange Vulnerabilities
Since September 2021, Squirrelwaffle malware has been exploiting Microsoft Exchange ProxyLogon and ProxyShell vulnerabilities. According to Sophos, hijacked emails are used to spread the malware and commit financial fraud by creating "typo-squatted" domains and sending fraudulent payment requests. The attackers gain access to victims' payments by manipulating email threads.
Emotet Changes Infection Tactic
Palo Alto Unit42 has identified a new infection tactic used by Emotet malware. The attack begins with phishing emails containing hijacked email threads and delivers an Excel file with an obfuscated macro. Activating the macro downloads an HTML application, which then executes two stages of PowerShell to deploy the final Emotet payload.
Emissary Panda Attack Insight
HVS Consulting's report outlines a nine-month campaign by Emissary Panda, featuring phases of initial compromise, persistence, and data exfiltration. Major vulnerabilities exploited include ProxyLogon, Confluence, and Log4Shell. ProxyLogon, widely exploited by groups like Hafnium and Fancy Bear, led to significant Exchange server compromises.
Banking outage in Canada
On February 16, 2022, a significant outage affected online and mobile banking services for major Canadian banks, including Royal Bank of Canada (RBC), Bank of Montreal (BMO), Scotiabank, TD Bank, and Canadian Imperial Bank of Commerce (CIBC). The issues peaked between 17:00 - 18:00 EST, with customers experiencing service disruptions and transaction rejections. Despite efforts to restore services, customers reported ongoing issues throughout the day.
Analysis of Ukraine's DDoS Attack
CadoSecurity's analysis of the February 2022 DDoS attack on Ukraine reveals the involvement of the Katana botnet, impacting banks, government, and military sites. The attack, attributed to Russia, caused moderate disruptions.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
