We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
APT31 Intrusion Set from ANSSI
ANSSI tracks APT31's intrusion tactics since January 2021, using methods like brute force, valid accounts, and Proxylogon exploits. Persistent actions include task scheduling, lateral movement via RDP/FTP/SMB, and data exfiltration through email, DNS, and SMB.
CVE-2021-44228 / Log4Shell Vulnerability
A zero-day exploit named CVE-2021-44228 (Log4Shell) was discovered in the Log4j library, affecting versions 2.0-beta9 to 2.14.1. This vulnerability allows remote code execution and impacts major services. Update to log4j-2.15.0-rc2 to mitigate the threat.
NSO Spyware Compromises US State Department Employees' Phones
Apple informed nine US State Department employees that their iPhones were compromised by NSO Pegasus spyware. The affected officials were either based in Uganda or focused on East African matters. The compromises occurred over the past several months, as reported by two Reuters sources.
Magecart Abuses Google Tag Manager
The Magecart threat actor group has exploited Google Tag Manager (GTM) by embedding malicious JavaScripts within GTM containers. This abuse allows the execution of JavaScript when a browser loads the container, collecting payment information from unsuspecting buyers through fraudulent payment forms and exfiltrating the data to a remote server. Gemini Advisory, a Recorded Future company, reports that since February 4th, 2021, 316 e-commerce sites have been compromised, resulting in at least 88,000 payment card records being posted for sale on dark web markets.
ANSSI Alerts of Nobelium Targeting French Organizations
ANSSI raised an alert on Nobelium phishing campaigns targeting French entities, with attacks beginning in February 2021 and escalating in May. Compromised French email accounts are used to send weaponized emails to foreign diplomatic sectors, utilizing various hosting providers.
RTF Template Injection
Proofpoint reports increased RTF template injection attacks by APT groups TA423, DoNot Team, and Gamaredon since February 2021. This technique alters RTF file control words to download malicious payloads. Targets include Malaysia's energy exploration and the Ukrainian government. Detection rates remain low, necessitating vigilance.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
