We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Iranian Influence Attempt Using AI Foiled by OpenAI
OpenAI disrupted an influence campaign led by Iranian threat actors "Storm-2035" that used AI-generated content to sway opinions on U.S. elections. The operation failed to gain significant engagement, and OpenAI swiftly banned the accounts involved, sharing findings with government stakeholders to reinforce defenses.
FOG Ransomware Remains a Major Threat to Educational Institutions in 2024
The FOG ransomware group, active since May 2024, continues to target educational institutions using compromised VPN credentials. Recent reports from Arctic Wolf and Kroll reveal FOG's adoption of double extortion tactics, including data exfiltration and encryption. Key defense strategies emphasize detecting these evolving techniques and safeguarding networks.
Play Ransomware Intrusion Thwarted by Trend Micro
Trend Micro's Managed Detection and Response team successfully thwarted a Play ransomware attack exploiting the Citrix Bleed vulnerability (CVE-2023-4966). The attackers used SYSTEMBC malware and PsExec but were stopped before causing damage. Trend Micro highlights key defense strategies like patching, MFA, and network segmentation to prevent future incidents.
APT42's Cyber Tactics From Credential Theft to Election Interference
APT42, a cyberespionage group tied to the Iranian government, targets sectors like aerospace and defense through credential theft and phishing. Google TAG reports their attempts to interfere in the 2024 U.S. election, targeting political figures. Their activities highlight the group's focus on gathering sensitive information and influencing global affairs.
New Ransomware Gang, Mad Liberator and the Abuse of AnyDesk
The Mad Liberator ransomware group, discovered by Sophos, exploits AnyDesk to gain unauthorized system access. By leveraging social engineering and remote access vulnerabilities, they quickly exfiltrate data. Their tactics, focusing on speed and data theft, highlight the need for strict access controls and awareness of remote access risks.
STAC6451's Persistent Attacks on India's Exposed SQL Servers
Sophos has uncovered persistent attacks by the threat group STAC6451 on India's Microsoft SQL Servers. The attackers exploit weak passwords, deploy Mimic ransomware, and use sophisticated tactics, though their operations show some flaws. This campaign, targeting multiple sectors, underscores the need for stronger security practices in exposed database servers.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
