We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Persistent Threats from the East: Stately Taurus's Ongoing Campaigns Revealed
Unit42 identifies a meticulous cyberespionage campaign orchestrated by Stately Taurus (also known as Mustang Panda and Earth Preta) against Southeast Asian governments from Q2 2021 to Q3 2023. Employing a suite of sophisticated tools, such as LadonGo and Cobalt Strike, and tactics like intelligent data gathering with wevtutil, the Chinese APT group successfully infiltrates networks, targeting notable governmental figures and exfiltrating sensitive information.
The Siege of Southeast Asia's Government Sector with Alloy Taurus
Unit42 pinpoints Alloy Taurus, a Chinese cyberespionage faction, directing an aggressive and persistent cyber campaign at Southeast Asian government entities from early 2022. Specializing in exploiting Exchange Server vulnerabilities and deploying various web shells and backdoors, such as China Chopper, Reshell, and Zapoa, the group seeks to pave secretive pathways into protected networks. Their utilization of several cyber tools, including Cobalt Strike and Gh0stCringe RAT, and tactics like credential theft and brute force attacks indicates a motive geared towards stealthy, extended espionage within the region.
Phishing Reigns Supreme: Rockwell Automation Unveils Key Tactics in Industrial Cyberattacks
Rockwell Automation's groundbreaking study with Cyentia Institute delves deep into the industrial sector's cyber vulnerabilities. Analyzing 122 cybersecurity events, the report uncovers a concerning trend: over 60% of attacks are state-affiliated, with internal personnel unintentionally aiding in a third of these incidents. The energy sector emerges as the most targeted, and phishing dominates as the preferred attack method.
Lazarus Strikes Again: Fifth Major Crypto Attack Targets CoinEx in 2023
In a growing series of crypto attacks in 2023, the North Korean Lazarus Group is suspected of orchestrating a breach on CoinEx. Elliptic's research uncovers parallels between this and Lazarus' previous thefts, marking a strategic shift in the group's focus from decentralized to centralized crypto services. This surge in Lazarus' attacks, coupled with their evolving tactics, amplifies concerns in the financial industry about the security of centralized exchanges.
UNC3944's Shifting Tactics: From Phishing to Ransomware Rampage
Mandiant's latest report uncovers UNC3944's expanding threat landscape. Known aliases include "Scattered Spider" and "0ktapus." Initially recognized for their prowess in social engineering, the group is now launching sophisticated ransomware attacks across diverse sectors like telecommunications, retail, and finance. Their modus operandi often combines smishing with tactics to bypass multi-factor authentication, capitalizing on legitimate software and data theft for extortion purposes. Their evolving tactics indicate an intention to refine and diversify their strategies further.
A Deceptive Attack with a PoC Lure for CVE-2023-40477
Unit42's Robert Falcone has identified a cunning strategy by a threat actor leveraging the allure of a PoC code tied to the CVE-2023-40477 vulnerability in WinRAR. Using a fraudulent PoC script, the actor aims to spread the VenomRAT payload. This campaign seems less directed at researchers but appears opportunistic, targeting those keen on integrating new vulnerabilities into their malicious endeavors.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
