We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
CISA Updates #StopRansomware Advisory for AvosLocker
The FBI and CISA, in a joint Cybersecurity Advisory, provide an updated deep dive into the operations of the AvosLocker ransomware gang, a Ransomware-as-a-Service entity active as of May 2023. AvoLockers targets multiple critical infrastructure sectors in the U.S., encompassing Windows, Linux, and VMware ESXi systems. They employ a plethora of legitimate software and open-source tools, ranging from remote administration to custom webshells. Known for their double-extortion tactics, AvosLocker uses tools like Cobalt Strike, Lazagne, Mimikatz, FileZilla, and more.
Ukraine Braces Defense on Power Grid Amist Winter Season
As winter looms, Ukraine is intensifying efforts to protect its already vulnerable energy infrastructure from further threats. Following the Russian invasion in 2022, the country witnessed extensive damage to its power stations, missile attacks, and an ever-present risk of cyberattacks. The Economist reports a significant 51% reduction in power-generating capacity in April 2023, compared to pre-invasion levels.
FBI Alerts Public of Increased 'phantom hacker' Scams
The FBI's recent public service announcement draws attention to the escalating "Phantom Hacker" scam, a refined version of tech support scams. Through a layered approach, impersonating tech support, bank agents, and government officials, attackers deceive victims into installing remote access software and transferring funds to scammer-controlled accounts.
Linux Distributions on Alert as "Looney Tunables" Vulnerability Threatens Root Access
The Qualys Threat Research Unit unveils "Looney Tunables," a dangerous vulnerability in the GNU C Library affecting several Linux distributions. This flaw, granting potential root privileges, impacts prominent distributions such as Fedora, Ubuntu, and Debian. The ease of exploiting this vulnerability, especially with the recent public disclosure of a functional exploit, intensifies the urgency for patches and heightened security measures.
"AMBERSQUID" Cryptojacking Ops Generates a High Dollar Resource Bill
Sysdig researchers unveil "AMBERSQUID," a cloud-native cryptojacking operation that cunningly uses AWS services to its advantage. Leveraging often-overlooked services like AWS Amplify and Amazon SageMaker, the attackers can potentially generate over $10,000 in daily charges. This sneaky approach, likely orchestrated by Indonesian attackers, bypasses the AWS checks for resource approval, complicating incident responses.
Espionage Campaign 'Operation Jacana' Targets Guyana Government Agency
ESET researcher Fernando Tavella reports an espionage campaign named "Operation Jacana" targeting a Guyana government agency. Originating from a spearphishing email, this operation, likely backed by a China-aligned threat actor, lured targets using contemporary geopolitical events. The emails directed users to a ZIP file, which, when accessed, launched the "DinodasRAT" backdoor malware into the user's system.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
