

We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• Research Articles
Forge Report: First Half Threat Trends of 2024




All Threat Reports
US Federal Government Initiative to protect Water Systems
The US government and the EPA have launched an initiative to protect the nation's water systems, focusing on enhancing cyber defense technologies. A pilot program by the EPA and CISA aims to improve ICS monitoring and cooperation among water sector entities, safeguarding over 150,000 systems serving 300 million Americans.
CVE-2021-4034 - Polkit's Pkexec - LPE
Qualys has identified CVE-2021-4034, a local privilege escalation vulnerability in the SUID-root program polkit's pkexec, present on all major Linux distributions including Ubuntu, Debian, Fedora, and CentOS. Exploiting this vulnerability is described as trivial due to the ease of execution, with various proofs-of-concept released by security researchers demonstrating the vulnerability. The impact is widespread, offering attackers high privileges across all affected Linux distributions.
Remote Access Trojan - STRRAT
FortiGuard's research details STRRAT, a remote access trojan active since 2020. Spread via phishing emails impersonating Maersk, it uses an Excel dropper to deliver the Java-based RAT. STRRAT establishes persistence and has extensive capabilities including keystroke logging and credential theft.
RRD Victim of Conti Ransomware Attack
Communications firm R.R. Donnelley & Sons (RRD) was hit by a Conti ransomware attack in December 2021, causing a network shutdown. Conti later claimed to have stolen 2.5 GB of data. Both parties are cooperating, and RRD continues to investigate the incident's impact.
Mandiant - AVADDON Ransomware
Mandiant's research on AVADDON ransomware, active from June 2020 to June 2021, highlights its impact on various sectors, including education, finance, healthcare, and technology. The ransomware group utilized initial access brokers, custom web shells like BLACKCROW and DARKRAVEN, and tools such as EMPIRE and POWERSPLOIT for post-exploitation. Tactics included RDP for lateral movement, scheduled tasks for persistence, 7zip for data archival, and MEGAsync for data staging and exfiltration. Mandiant speculates potential links between AVADDON and other ransomware groups, BLACKMATTER and SABBATH.
Moncler - Ransomware Attack
In December 2021, Italian fashion giant Moncler disclosed a ransomware attack by AlphV/BlackCat, leading to operational disruptions and data breaches. The attack caused temporary outages; shipments were prioritized once logistics systems were restored. The compromised data includes information related to customers, employees, former employees, suppliers, consultants, and business partners, but not payment information. Moncler refused to pay the ransom, citing that it would go against its founding principles.

About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever-changing threat landscape.

Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers

The World's Best SOC Teams Use Anvilogic
Build Detections You Want, Where You Want