We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Attacks from 8Base Ransomware Gang Surges
8Base ransomware gang's attacks increased significantly between May and June 2023, targeting various industries. The group uses double extortion tactics and claims to target only companies neglecting data privacy. VMware's analysis suggests that 8Base might be an off-shoot of RansomHouse or a copycat due to significant similarities in their ransom notes and data leak websites.
DDoS Participation Rises for Pro-Russian Hackers
The pro-Russian hacking group, NoName057(16), has experienced a significant surge in participation in its DDoS toolkit, DDoSia, which targets primarily Ukrainian and NATO country websites. With the group's influence and monetary compensation, DDoSia's Telegram channel has accumulated a user base of over 10,000 individuals, supporting at least 400 active users.
The Range of Trigona Ransomware
Since its emergence in October 2022, Trigona ransomware has been evolving and targeting organizations worldwide. With its most significant impact on technology, healthcare, and financial sectors, it leverages vulnerabilities such as CVE-2021-40539 and uses double extortion to exploit its victims.
Human Error Highlights a North Korean Intrusion
A network intrusion attributed to Andariel, a sub-group of North Korea's Lazarus group, exposed operational errors, including typos and misunderstanding of the system's language. This incident has led to the discovery of a new remote access trojan known as "EarlyRAT", showing further ties to the Lazarus group.
Canadian Energy Supplies Under Threat by Russian Actors
As per Canadian intelligence, Russian threat actors may target the country's energy sectors in a bid to disrupt supplies and retaliate against Ukraine allies. A potentially significant cybersecurity issue, it highlights the importance of securing operational technology networks in energy-related industries.
APT28 Targets Roundcube Vulnerabilities to Exploit Ukrainian Organizations
Ukraine's CERT-UA and Recorded Future's Inskit Group have identified a spear phishing campaign by APT28, targeting Ukrainian government and military aviation sectors. The campaign exploits vulnerabilities in the Roundcube Webmail service to conduct reconnaissance, run exfiltration scripts, and gather user information, reflecting the group's relentless pursuit of strategic military advantages.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
