We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Earth Krahang's Wide-Reaching Cyber Espionage Tactics and Targets
Trend Micro's report highlights Earth Krahang's cyber espionage impacting various sectors globally, including defense, government, and technology. Utilizing malware and spear-phishing, this Chinese threat actor has compromised over 70 organizations in 45 countries. Techniques like CVE exploitation and malicious email campaigns enable Earth Krahang to infiltrate and exfiltrate data from targeted entities, underlining the need for robust cyber defense strategies.
Understanding the Cyber Threat Powerhouse Muddled Libra
Unit 42's analysis presents Muddled Libra as an advanced threat group, utilizing social engineering alongside technological prowess, distinct from similar groups by their broad targeting and adaptable tactics. With over 200 fake portals and targeted smishing, Muddled Libra adeptly collects credentials and MFA codes, evidencing their capacity to maneuver around defensive measures and exploit IT support. Their understanding of incident response frameworks further underscores their threat, necessitating vigilant cybersecurity strategies against their evolving methodologies.
Intricate MSSQL Attack Sequence Revealed
Huntress researchers unveiled a complex MSSQL server attack initiated through the xp_cmdshell stored procedure, leading to the stealthy transfer of data and the installation of remote access tools within minutes. This operation detailed the creation of a new user account, adjustments to registry settings for credential harvesting, and the setup of AnyDesk for persistent access. The sequence of these actions showcases the attackers' precision and the critical need for monitoring similar patterns to enhance early intrusion detection strategies.
Lessons from a 30-Day ALPHV/Blackcat Ransomware Intrusion
Sygnia's investigation into a 30-day ALPHV/Blackcat ransomware attack uncovers the attackers' exploitation of a trusted third-party and their strategic patience. The attack navigated both on-premises and Azure environments, utilizing methods like privilege escalation, Cobalt Strike, and data exfiltration tactics. The incident underscores the importance of data-driven actions, network isolation, and understanding the scope of stolen data for handling extortion demands effectively. This case highlights the evolving threat landscape and the necessity for preparedness in cybersecurity defense strategies.
Rapid Exploitation and A Coordinated Intrusion from Cactus Ransomware
Bitdefender's report on a Cactus ransomware attack shows rapid exploitation of a newly disclosed vulnerability, leading to a coordinated assault on two companies. It underscores the importance of quick vulnerability management and details the attackers' strategic steps, from credential theft to final encryption, showcasing the evolving threat landscape and the criticality of readiness against such opportunistic attacks.
FBI Reports $12.5 Billion Lost to Fraud in 2023 as Cybercrime Reaches New Heights
The FBI's 2023 Internet Crime Report highlights a sharp increase in cybercrime, with $12.5 billion in losses reported by Americans, marking a 22% increase from the previous year. Investment fraud, especially in cryptocurrency, and phishing were the most prominent, with investment fraud losses soaring to $4.57 billion. The demographic most affected spans from individuals aged 30 to 49. Phishing complaints dominated cybercrime categories, significantly surpassing other types like personal data breaches and extortion. Business Email Compromise (BEC) scams and ransomware attacks were notably costly, with BEC scams alone causing $2.9 billion in losses.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
