We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
NATO Faces Increasing Cyber Attacks Amidst Geopolitical Tensions
Mandiant's report highlights escalating cyber threats to NATO amidst geopolitical tensions. State-sponsored groups like Russia's APT29 and Chinese actors engage in cyber espionage, while hacktivist groups increase disruptive attacks. The report underscores the dual threats of espionage and destructive cyberattacks targeting NATO's critical infrastructure.
HappyDoor Malware's Continuous Development by Kimsuky
ASEC's report reveals the ongoing evolution of HappyDoor malware by the North Korean group Kimsuky. First identified in 2021, the malware now features advanced info-stealing and backdoor capabilities. Distributed via spear-phishing, HappyDoor encrypts and exfiltrates data, using tools like ngrok and Chrome Remote Desktop for persistent access.
Red Canary: Thwarts Ransomware From Early Signs of Malicious PowerShell
In June 2024, Red Canary prevented a ransomware attack on a major city hospital by detecting malicious PowerShell activity. The attack, originating from a webshell on a Microsoft Exchange server, was stopped before it could impact patient care. Key steps included monitoring for suspicious PowerShell activity and preventing the disabling of Windows Defender.
Cybersecurity Agencies Reveal Tactics of a Prolific Chinese Hacking Group
The ASD’s ACSC and CISA reveal the activities of APT40, a Chinese state-sponsored hacking group targeting global networks. Known for exploiting vulnerabilities in critical infrastructure, APT40 uses compromised devices to evade detection and exfiltrate sensitive data. Defensive measures include applying security patches, deploying web application firewalls, and replacing outdated networking devices.
New "regreSSHion" Vulnerability - CVE-2024-6387, Could Enable Remote Code Execution on Linux
The newly discovered regreSSHion vulnerability (CVE-2024-6387) in OpenSSH allows remote code execution on glibc-based Linux systems. Found by Qualys, this flaw affects versions 8.5p1 to 9.7p1. Updating to version 9.8p1 or later is essential to mitigate this severe threat and secure your systems.
GrimResource Attack Exploits Old XSS Flaw in Microsoft Management Console
Elastic researchers uncover GrimResource, a novel attack technique exploiting an old XSS flaw in Microsoft Management Console (mmc.exe). Attackers use this vulnerability to execute arbitrary code via a maliciously crafted MSC file, leading to unauthorized access and system takeover, ultimately deploying Cobalt Strike. Securing against this flaw is essential to prevent exploitation.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
