We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Russian Cyber Espionage Hits Microsoft: Leadership Emails Exfiltrated in Breach
Russian group Midnight Blizzard breached Microsoft, starting with a password spray attack on a legacy account. They compromised email accounts of senior leadership, exploiting an absence of MFA and abusing OAuth applications. The attack is part of a broader campaign targeting government and tech sectors in the U.S. and Europe.
BianLian's Evolving Tactics Tracked with Connections to Makop
BianLian ransomware, tracked by Unit 42, targets diverse sectors globally, using compromised credentials and exploiting vulnerabilities like ProxyShell. Their methods align with Makop's, suggesting shared resources. BianLian's shift from double extortion to data extortion tactics indicates a trend towards faster, more direct ransomware strategies.
Kassika Ransomware Gang Emerges with Signs of Familiarity
The Kassika ransomware gang, identified by Trend Micro, uses the BYOVD tactic for attacks, notably targeting the Martini driver. They exhibit code similarities with the defunct BlackMatter gang, initiating attacks through phishing and leveraging tools like PsExec. Kassika's encryption techniques and ransom demands reflect advanced, evolving cyber threats.
The Ransomware Surge & Techniques Revealed in the Wave of Attacks
The report by Cisco Talos spotlights a significant rise in ransomware, introducing strains like Play and BlackSuit. Key targets include education and manufacturing. The study underscores the critical role of Multi-Factor Authentication and the necessity of comprehensive cybersecurity strategies against these sophisticated and evolving cyber threats.
Chinese Drones Pose Significant Risk to Critical U.S. Infrastructure, CISA Reports
CISA and the FBI warn that Chinese drones pose a significant risk to U.S. critical infrastructure, driven by vulnerabilities that could lead to data theft or network compromises. The advisory emphasizes the importance of secure UAS procurement and operation, aligning with secure-by-design principles and robust cybersecurity measures.
Docker Containers Hijacked for 9hits Traffic and Cryptomining in a Dual-Monetization Attack
Cado Security reveals a unique dual-monetization attack on Docker containers, employing both the 9hits traffic exchange and XMRig cryptomining. This strategy exploits cloud resources by generating traffic for credits and mining cryptocurrency, marking a new phase in the sophistication and creativity of cloud-based cyber threats.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
