We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
New Tactics from Earth Kasha Reveal an Interconnected Umbrella of China-Nexus Adversaries
Earth Kasha, a China-linked threat actor tied to the APT10 umbrella, has targeted Japan, Taiwan, and India since 2019. Using LODEINFO malware and zero-day exploits, Earth Kasha infiltrates networks for espionage. Overlapping tactics with Earth Tengshe highlight a shared infrastructure among China-nexus cyber adversaries.
BlackSuit Ransomware Group 93 Victims and Rising Amid Escalating Activities
The BlackSuit ransomware group, evolved from Royal ransomware, has compromised 93 victims since May 2023. Targeting industries such as education, construction, and healthcare, this gang employs phishing, stolen credentials, and advanced tools for attacks. Their encryption spans Windows, Linux, and ESXi systems, demanding ransoms tied to victim revenues.
Joint FBI-CISA Advisory Informs Chinese Espionage on U.S. Telecom Firms
The FBI and CISA confirm PRC-linked cyber actors breached U.S. telecom firms, including AT&T and Verizon, enabling data theft and espionage targeting government and political communications. Hackers accessed court-authorized wiretap systems and call records. Agencies advise organizations to contact authorities for support amid ongoing investigations into these national security breaches.
UAC-0194’s Exploitation of CVE-2024-43451 in Ukraine for Phishing
ClearSky links UAC-0194 to phishing attacks exploiting CVE-2024-43451, targeting Ukrainian government, education, and research sectors. Using malicious URL files, attackers capture NTLM hashes and deploy SparkRAT malware for persistence. CERT-UA urges immediate application of Microsoft’s November 2024 patch to mitigate this critical vulnerability in Windows systems.
Varied Attack Chains from Earth Estries Uncover New Espionage Tactics
Trend Micro unveils Earth Estries' cyberattacks, highlighting two advanced attack chains. The group exploits vulnerabilities, uses backdoor malware like Crowdoor and Snappybee, and employs tools for data exfiltration. Linked to Salt Typhoon, Earth Estries adapts its tactics to persist and collect sensitive information, targeting global government, telecom, and technology sectors.
FBI Flags Fraudulent Emergency Data Requests Using Compromised Government Emails
The FBI reports a surge in cybercriminals exploiting compromised government emails to submit fraudulent emergency data requests, targeting U.S. companies with urgent false claims. Initially popularized by groups like Lapsus$, this tactic now circulates on cyber forums. The FBI urges businesses to verify requests and strengthen security protocols against this escalating threat.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
