We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Major Financial Systems Under Threat by Pro-Russian Hackers
Russian hacker groups Killnet, REvil, and Anonymous Sudan are threatening severe cyberattacks on major financial institutions in Europe and the US, including SWIFT and the US Federal Reserve System. These attacks, announced in a video, are politically motivated, retaliating against Western support for Ukraine. The hackers claim their actions will go beyond DDoS attacks to more destructive activities, aligning with Killnet's known tactics.
Over 100 Popular Brands Impersonated in Large-Scale Phishing Campaign
Bolster's threat research team uncovered a large-scale phishing campaign targeting over 100 popular brands, including Nike, Adidas, and Puma. The campaign, active since June 2022, uses over 3,000 live domains to impersonate brands and steal personal and financial information from victims. Spikes in activity were observed in November 2022 and February 2023. The phishing sites use SEO techniques to rank high in search results, and the domains often combine brand names with locations. Bolster warns customers to be vigilant to avoid falling into these traps.
RomCom Threat Actor Attacks Ukrainian Politicians & US Healthcare Allies
RomCom, a threat actor, has reemerged targeting Ukrainian politicians and a US-based healthcare organization aiding refugees. BlackBerry reports that RomCom uses fake Devolutions Remote Desktop Manager installations to drop malicious payloads, focusing on intelligence collection related to geopolitical events in Ukraine and Western aid efforts. The malware is executed via RunDLL32, aiming to expand RomCom's knowledge for future campaigns.
An Ongoing Campaign of BEC Attacks
Sygnia's incident response team has identified a large-scale BEC campaign leveraging phishing emails and Adversary in the Middle (AiTM) tactics. The campaign targets Office365 accounts globally, using compromised credentials to add their own MFA devices and expand their reach. Attackers send phishing emails appearing from legitimate sources, leading victims to fraudulent login pages to steal credentials. This campaign spreads in a worm-like fashion, impacting numerous organizations.
Cadet Blizzard Recognized as the Culprit of Russian Data Wiper Malware
Microsoft has identified the Russian threat group Cadet Blizzard, formerly known as DEV-0586, as the culprit behind the WhisperGate data wiper and various disruptive cyber operations against Ukraine. Active since 2020, Cadet Blizzard has targeted consulting, emergency services, government, law enforcement, and technology sectors. The group uses compromised credentials, web shells, and "living off the land" techniques to maintain low profiles. Their activities peaked during the Russia-Ukraine conflict and resumed with defacement attacks in early 2023.
APT38 Poses as Financial Service Sector to Infiltrate Networks
APT38, a North Korean threat group, poses as financial entities and venture capital firms to infiltrate networks, targeting financial institutions in Japan, Taiwan, and the US. Recorded Future's Insikt Group identified 74 domains and 6 malicious files used in this campaign. APT38's activities align with their history of targeting cryptocurrency exchanges and banks to support the North Korean government financially.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
