We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
APT29 Executes Large-Scale RDP Attack Campaign Focused on Espionage and Data Theft
APT29 (Earth Koshchei) launched a massive RDP campaign targeting defense, government, and technology sectors. Spear-phishing emails delivered rogue RDP files, connecting victims to attacker-controlled servers. The group used MITM tools like PyRDP to intercept sessions, exfiltrate sensitive data, and evade detection, marking a sophisticated espionage effort.
Surge in Black Basta Ransomware And DarkGate Activity with Strategic Social Engineering Approach
Black Basta ransomware and DarkGate malware campaigns are rising, leveraging phishing and impersonation to deploy RMM tools for credential harvesting. Reports from Rapid7 and Trend Micro reveal evolving tactics, including custom packers, defense evasion, and persistence through registry modifications, culminating in ransomware deployment to encrypt data and disrupt operations.
U.S. Investigates TP-Link Routers Over National Security and Cyberattack Concerns
The U.S. investigates TP-Link routers over national security and cyberattack concerns linked to Chinese threat actors. Federal scrutiny includes potential vulnerabilities exploited in botnet operations and antitrust violations for low-cost pricing strategies. A ban on TP-Link devices is possible, impacting its dominant presence in the SOHO router market.
CISA Advises Switching to Signal for Secure Mobile Communication
CISA advises using Signal for secure communication amid cyber espionage by Salt Typhoon, linked to Chinese operations. Highly targeted individuals, including senior officials, should adopt encrypted messaging, enable phishing-resistant MFA, and update devices to modernize security. Measures include Lockdown Mode on iPhones and Private DNS for Android users.
Critical Apache Struts Vulnerability CVE-2024-53677 Exploited in Active Attacks
Apache Struts CVE-2024-53677, a critical RCE vulnerability in file upload handling, is exploited in active attacks. Affected Struts versions require upgrading to 6.4.0+ and implementing the new Action File Upload mechanism. Security agencies globally urge immediate action as attackers leverage PoC code for system enumeration and malicious uploads.
Months-Long Cyber Espionage Operation Hits Key Industries in Southeast Asia
A cyber espionage campaign has targeted critical industries in Southeast Asia, including aviation, government, media, and telecommunications, since October 2023. Leveraging LOLBins and remote access tools, attackers exfiltrated sensitive data and maintained stealth. Though tactics align with Chinese APT groups, specific attribution remains inconclusive.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
