We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
U.S. Treasury Sanctions Sichuan Silence for Firewall Exploits and Ransomware Attacks
The U.S. Treasury sanctioned Sichuan Silence and Guan Tianfeng for exploiting a Sophos firewall zero-day vulnerability to deploy the Asnarök Trojan and attempt Ragnarok ransomware attacks. The campaign compromised over 81,000 firewalls globally, including critical U.S. infrastructure, prompting asset freezes and an indictment for Guan's cybersecurity activities.
Secret Blizzard Leverages Rival Infrastructure to Target Ukrainian Military in Espionage Campaign
Microsoft identifies Russian group Secret Blizzard exploiting rival malware infrastructure to target Ukrainian military systems, focusing on devices using Starlink internet. The group deploys KazuarV2 backdoors, uses DLL sideloading for stealth, and conducts extensive system reconnaissance, highlighting their advanced capabilities and prioritization of Ukrainian military intelligence.
Four-Month Espionage Campaign Hits U.S. Organization, Compromising Five Workstations
Symantec uncovered a four-month espionage campaign targeting a U.S. organization, attributed to China-based actors. The attackers compromised five workstations, employing WMI, DLL sideloading, and credential dumping. Advanced techniques enabled lateral movement, email theft, and evasion, underscoring the persistence and sophistication of the threat.
FBI Warns of Rising AI-Driven Financial Fraud Schemes
The FBI warns of rising AI-driven fraud schemes exploiting generative AI for phishing, deepfakes, and scams. Criminals use AI-generated text, images, and audio to deceive victims at scale. Vigilance against suspicious messages, verifying identities, and reducing personal social media exposure are key defenses against this growing cybercrime threat.
White House Warns of Salt Typhoon Hacker Threat Greater Than Anticipated
Salt Typhoon, a Chinese state-sponsored hacking group, has infiltrated eight U.S. telecom companies in a global espionage campaign. Exploiting network vulnerabilities, the group targets sensitive communications. Federal agencies urge stronger cybersecurity measures as the White House stresses the urgency of combating this persistent and severe threat.
Credential Dumping Campaign with Atera Agent Linked to MuddyWater
MuddyWater, an Iranian cyber espionage group, is linked to a credential theft campaign targeting global organizations. Using phishing emails, malicious Onehub links, and Atera RMM tools, the group executes PowerShell scripts for registry backups and network domain enumeration. Sophos reports similar attacks in Israel and the U.S., signaling a broader threat.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
