We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
From Brute Force to Cryptojacking with Prometei Botnet
Trend Micro details Prometei botnet’s cryptojacking and credential theft operations, affecting over 10,000 systems worldwide. Exploiting BlueKeep and Microsoft Exchange vulnerabilities, attackers gain access and mine Monero, leveraging self-updating features for persistence. Prometei’s evasion tactics include registry modifications, firewall rules, and PowerShell exclusions to avoid detection.
Iranian Cyber Actors Target Critical Infrastructure with Credential Theft Campaigns
A joint CISA report reveals that Iranian cyber actors are attacking critical infrastructure, notably in energy, healthcare, and government. Using brute-force tactics like password spraying and MFA push bombing, these actors steal credentials and network data, selling access to cybercriminals. Stronger authentication and vigilant monitoring are crucial to defense.
NICKEL TAPESTRY: North Korean IT Contractors Use Fake Identities to Infiltrate and Extort Western Companies
Secureworks identifies NICKEL TAPESTRY, a North Korean group infiltrating Western firms by using fake identities in IT roles. These contractors steal sensitive data and demand cryptocurrency ransoms. Tactics include using personal laptops, remote access tools, and avoiding video calls. Companies are advised to intensify background checks and monitor remote access.
Microsoft Details Escalating Cyberattacks on Educational Institutions
Cyberattacks on educational institutions are surging, targeting vulnerabilities in IT infrastructure and exploiting sensitive data. Microsoft reports an average of 2,507 attacks weekly on this sector, with threats ranging from phishing to malware. Proactive cyber hygiene and centralized security strategies are essential to defend against these evolving risks.
OilRig Intensifies Cyberattacks on Critical Infra. in the Gulf
Trend Micro reports an increase in OilRig’s cyber espionage attacks on critical infrastructure in the Gulf, with a focus on government and energy sectors in the UAE. Exploiting CVE-2024-30088, OilRig exfiltrates sensitive data and uses compromised systems for supply chain attacks. Vigilant patching and mitigation are crucial defenses.
Authorities Alert Public to Hurricane Milton-Related Scams and Fraud
CISA and the FTC warn the public about scams related to Hurricane Milton, including fake charities and disaster relief fraud. Scammers use trusted platforms to deceive victims. Americans are urged to verify aid sources and report suspicious activities. Stay vigilant and rely on trusted agencies like FEMA for assistance.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
