We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Insights of a Hunters International Intrusion from Oracle WebLogic
Hunters International, a ransomware-as-a-service group, exploited Oracle WebLogic vulnerabilities to target 245 organizations globally, including automotive, healthcare, and finance sectors. Leveraging advanced tools and tactics, their attacks involved credential theft, lateral movement, and data exfiltration. Forescout offers hunting tips to detect pre-ransomware indicators and mitigate future attacks.
Guam’s Strategic Role Makes It a Prime Target in China’s Cyber Warfare Playbook
Guam’s vital role in U.S. military operations makes it a key target for Chinese cyberattacks by Volt Typhoon. Hackers infiltrate critical infrastructure, employing stealthy tactics to avoid detection. These breaches threaten essential services and underscore the need for stronger public-private collaboration to protect Guam’s systems and U.S. strategic interests in the Indo-Pacific.
Threat Actors Capitalize on CVE-2024-49113 with Fraudulent Proof-of-Concept Exploit
Threat actors exploit CVE-2024-49113 (LDAPNightmare) by distributing a fake PoC containing malware. This DoS vulnerability, targeting Windows LDAP services, was disclosed in December 2024 and patched by Microsoft. Researchers warn of malicious repositories that steal system data under the guise of security tools, emphasizing the need for vigilance and prompt patching.
Stealthy Backdoor Eagerbee Malware Ensures Time-Sensitive Execution
Eagerbee is a stealthy backdoor malware tied to the CoughingDown group, targeting government and telecom sectors. It exploits vulnerabilities like ProxyLogon and evades detection using DLL hijacking and timestamp manipulation. Kaspersky researchers uncovered its modular design, enabling persistent access, data exfiltration, and lateral movement, posing significant risks to global organizations.
'Bad Likert Judge' Exposes Gaps in AI Content Moderation and Safety
Unit 42’s "Bad Likert Judge" jailbreak exploits LLM safety mechanisms using Likert scale scoring, enabling harmful content generation. Tested across major AI models, the technique increases attack success rates by over 60%. Researchers stress the importance of content filters but highlight their limitations in combating determined adversaries.
Chinese State Hackers Breach OFAC in Targeted Treasury Department Cyberattack
Chinese state-sponsored hackers breached the U.S. Treasury's OFAC, exploiting a compromised BeyondTrust API key. The attack accessed unclassified data, aligning with Beijing’s strategic interests. CISA confirmed no broader federal agency impact. The Treasury calls the breach a "major cybersecurity incident" with serious national security implications.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
