We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
New Ransomware Gang, Mad Liberator and the Abuse of AnyDesk
The Mad Liberator ransomware group, discovered by Sophos, exploits AnyDesk to gain unauthorized system access. By leveraging social engineering and remote access vulnerabilities, they quickly exfiltrate data. Their tactics, focusing on speed and data theft, highlight the need for strict access controls and awareness of remote access risks.
STAC6451's Persistent Attacks on India's Exposed SQL Servers
Sophos has uncovered persistent attacks by the threat group STAC6451 on India's Microsoft SQL Servers. The attackers exploit weak passwords, deploy Mimic ransomware, and use sophisticated tactics, though their operations show some flaws. This campaign, targeting multiple sectors, underscores the need for stronger security practices in exposed database servers.
Exposed .env Files Open Doors to Widespread AWS Cloud Compromises
Unit 42 has uncovered a significant AWS cloud security breach caused by exposed .env files containing sensitive credentials. This campaign targeted over 110,000 domains, leading to unauthorized access, data exfiltration, and ransom demands. The incident highlights the dangers of cloud misconfigurations and the importance of securing environment variables.
From Spear-Phishing to AI: The Evolving Threat Landscape of the 2024 U.S. Presidential Election
The 2024 U.S. election faces cyber threats from Iran, Russia, and China. Microsoft's Threat Analysis Center reveals that while AI plays a role, traditional cyberattacks and influence operations remain dominant. Iranian groups like Sefid Flood and Mint Sandstorm are particularly active, targeting electoral processes and public trust with increasingly sophisticated methods.
Cybercriminals Misuse Cloudflare Tunnels for RAT Distribution
Threat actors are leveraging Cloudflare's free tunneling service to distribute remote access trojans (RATs) like AsyncRAT, Xworm, and others. Since February 2024, campaigns have escalated, targeting sectors like finance, technology, and manufacturing. Organizations must enhance monitoring and restrict unverified scripts to counter this sophisticated malware delivery method.
BlackSuit Ransomware Continues Rampage, Linked to Royal's Legacy
BlackSuit ransomware, an evolved form of the infamous Royal ransomware, is wreaking havoc globally. With ransom demands reaching $60 million, it utilizes advanced attack strategies, including phishing and RDP exploits. Organizations must bolster defenses against this threat by securing access points, patching vulnerabilities, and maintaining secure backups.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
