We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Government Agencies Warn of ALPHV's Aggression Against Healthcare Organizations
The FBI, CISA, and HHS have issued a joint cybersecurity advisory warning of increased ALPHV/Blackcat ransomware attacks on the healthcare sector. Despite actions against the gang in December 2023, their activity persists with enhanced tactics. The advisory highlights the use of sophisticated tools and techniques, emphasizing the healthcare industry's need for heightened security measures and vigilance.
LockBit Ransomware Infrastructure Dismantled in Multi-Country 'Operation Cronos' Effort
'Operation Cronos,' a collaborative effort by law enforcement in ten countries, has significantly disrupted the LockBit ransomware group, leading to the takedown of 34 servers and the arrest of two major actors. This operation, which inflicted billions in damages globally, showcases the international commitment to combating cybercrime. Despite the takedown, LockBit vows to continue operations, hinting at increased targeting of governmental sectors. This unfolding scenario underscores the persistent and evolving threat of ransomware and the importance of global cooperation in cybersecurity efforts.
Critical Vulnerabilities in ScreenConnect Remote Access Software Dubbed 'SlashAndGrab'
ConnectWise's ScreenConnect faces critical vulnerabilities, CVE-2024-1709 and CVE-2024-1708, enabling authentication bypass and path traversal attacks. Labeled 'SlashAndGrab' by cybersecurity experts, these flaws pose severe risks including remote code execution and data compromise. Urgent patching is advised for versions up to 23.9.7, with exploitation leading to LockBit ransomware and AsyncRAT deployment. Detection guidance includes monitoring ScreenConnect directories for suspicious file modifications and leveraging Advanced Auditing policies.
BfV and NIS Issue Joint Advisory on North Korean Cyber Threats to Defense and Research Sectors
Germany's BfV and South Korea's NIS issue a joint advisory on North Korean cyber-espionage targeting defense and research sectors. Highlighting campaigns like a sophisticated supply-chain attack and "Operation Dream Job," the advisory emphasizes the need for robust security measures. Techniques include social engineering and malware deployment, aiming to exfiltrate military technologies. Recommendations include enforcing least privilege, strong passwords, and multi-factor authentication to mitigate these threats.
Key Detection Indicators of Midnight Blizzard's Attack on Microsoft Decoded by Splunk
Splunk researchers unveil the tactics of Midnight Blizzard in their November 2023 Microsoft attack. Highlighting password spray attacks and critical vulnerabilities, the report offers a blueprint for detecting such compromises. Key indicators include high login failures and unusual application configuration changes, emphasizing the need for vigilant monitoring of security systems to thwart these state-sponsored threats.
OpenAI and Microsoft Thwart State-Backed Cyber Threats Exploiting AI
OpenAI and Microsoft have jointly countered attempts by five state-affiliated threat actors, including Charcoal Typhoon and Salmon Typhoon from China, Crimson Sandstorm from Iran, Emerald Sleet from North Korea, and Forest Blizzard from Russia, aiming to exploit AI services for cyber espionage and operational goals. Actions taken include terminating associated accounts and enhancing AI safety through monitoring, collaboration, and the development of safety mitigations. This collaboration highlights the importance of securing AI technologies against sophisticated threats and the commitment to advancing AI security measures.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
