We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Akira Ransomware Gains Momentum, Favoring U.S. Targets Across Critical Sectors
The Akira ransomware gang is escalating attacks on U.S. critical sectors using advanced, cross-platform tactics. Leveraging a double-extortion RaaS model, Akira exploits compromised credentials, vulnerable systems, and advanced evasion techniques. Its connections to Conti, LockBit, and new Rust-based Akira_v2 variants signal a growing cyber threat demanding urgent attention from organizations.
Black Basta’s Strategic Shift Combines Technical Precision with Human Exploitation
Black Basta advances ransomware tactics, blending social engineering with technical precision. Impersonation campaigns exploit Microsoft Teams and email platforms, while tools like DarkGate and Knotrock facilitate attacks on high-value sectors. RedSense notes their disciplined operations, raising concerns about possible collaboration with Russian state actors and escalating cyber threats.
Continued Unraveling of Earth Estries and Its Impact on Critical Infrastructure
Earth Estries, a Chinese APT group, has compromised over 20 global organizations across critical sectors. Leveraging tools like GHOSTSPIDER and exploiting vulnerabilities in VPNs and firewalls, the group conducts long-term cyberespionage. Trend Micro links Earth Estries to Salt Typhoon, highlighting shared tactics and geopolitical implications for victims.
CISA Updates BianLian Ransomware Advisory with Shift to Pure Data Extortion
CISA's update reveals BianLian's shift to exclusive data extortion tactics, abandoning encryption in favor of exfiltration. Targeting critical infrastructure worldwide, the group exploits vulnerabilities, uses phishing campaigns, and applies pressure tactics like threats and ransom note printing. CISA highlights advanced TTPs, emphasizing BianLian's evolving cyber threat to organizations.
LIMINAL PANDA Threat Actor Exploits Global Telecoms for Espionage Operations
LIMINAL PANDA, a state-sponsored group linked to China, targets global telecoms for signals intelligence. Using tools like CordScan and SIGTRANslator, the group collects mobile subscriber data, call metadata, and SMS records. CrowdStrike highlights their focus on telecom protocols and ties to China’s geopolitical interests, posing a critical infrastructure threat.
EPA Inspector General Exposes Potentially Severe Cyber Risks in Water Systems
The EPA’s Inspector General report identifies high-risk cybersecurity vulnerabilities in 97 U.S. drinking water systems, endangering public health and infrastructure. With no dedicated incident reporting system, response delays could escalate risks, potentially leading to service disruptions with billions in economic losses. Recommendations include creating a national cybersecurity strategy for water systems.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
