We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
OpenAI Details Threat Actors Use AI Models for Cyber Operations
OpenAI's 2024 threat report highlights how groups such as SweetSpecter and CyberAv3ngers are using AI models to enhance cyber operations, from debugging malware to running covert influence campaigns. Despite AI’s role, OpenAI successfully disrupted over 20 operations and continues to monitor evolving threats as the U.S. elections approach.
DragonForce’s RaaS Operation Launches Widespread Attacks with 82 Victims and Counting
DragonForce launched a RaaS affiliate program, targeting 82 victims worldwide using ransomware based on LockBit 3.0 and ContiV3 code. Their double extortion tactics, customization tools for affiliates, and aggressive attack methods—including BYOVD and shadow copy deletion—pose significant threats to sectors like manufacturing, healthcare, and transportation.
A Growing Trend of BEC Attacks Misusing Legitimate File Sharing Platforms
Microsoft reports a surge in BEC attacks using legitimate platforms like SharePoint and OneDrive. These attacks evade detection by sending legitimate file-sharing notifications, luring victims into re-authenticating and exposing credentials. Threat actors then use compromised accounts to expand their reach and conduct further attacks.
Royal Mail Impersonated in Latest Prince Ransomware Phishing Scam
Proofpoint researchers unveil a phishing campaign that impersonates Royal Mail to deliver Prince ransomware. Active in the UK and US, the campaign uses public contact forms and direct emails, leveraging ZIP files with malicious scripts. Despite no clear attribution, the ransomware is available on GitHub for free.
Perfctl Malware Adapts and Evades Detection Targeting Linux Servers
Aqua Security researchers uncover the perfctl malware targeting Linux servers by exploiting misconfigurations and vulnerabilities like CVE-2021-4034. The malware adapts to evade detection, impacts server operations, and is linked to cryptomining. It uses stealth tactics, including masking processes and leveraging user-agent filtering to deliver payloads.
A more_eggs Malware Infection From Recruitment Scams
The more_eggs malware, part of the Golden Chickens malware-as-a-service (MaaS) toolkit, continues to spread through fake job recruitment scams. Threat actors like FIN6 and the Cobalt Group are leveraging this toolkit to target industries involved in hiring, particularly finance and retail, using deceptive social engineering techniques.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
