We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Russian Threat Actor Had Access to Ukraine Government Site Since 2021
Ukrainian agencies revealed that Russian hackers, linked to Ember Bear, compromised government websites since December 2021. Discovered in February 2023, the attackers deployed multiple backdoors, affecting several sites but causing no significant operational disruptions.
Wiper Malware Poses Increasing Threat to Cybersecurity
Fortinet's research shows a 53% increase in wiper malware usage, particularly since the Russia-Ukraine conflict began. Initially used by nation-states, these destructive tools are now widespread among cybercriminals, posing a severe threat to global cybersecurity.
An Odd Certutil Download Spurs Investigation from Huntress
Huntress investigates a suspicious certutil download, uncovering a malicious DLL linked to Truebot malware and TA505 threat group. The payload exploited GoAnywhere MFT software vulnerabilities, creating persistence with scheduled tasks. Immediate patching is urged.
Threat Actors Exploiting ManageEngine RCE
Bitdefender reports exploitation of ManageEngine ServiceDesk's RCE vulnerability (CVE-2022-47966). Attackers use native Windows tools to download malicious payloads, urging immediate patching of vulnerable servers to prevent targeted attacks and potential espionage.
Coinbase Contains Incident Rooted from Social Engineering Campaign
Coinbase contained a security incident from a phishing attack targeting its employees. No customer data or funds were compromised, thanks to robust security measures. The incident highlights the ongoing threat of social engineering campaigns.
Recorded Future: Tracking Ransomware Activity in January 2023
Recorded Future's January 2023 ransomware tracker shows a significant decrease in attacks on education, government, and healthcare sectors. With only three attacks on state and local government entities and seven on healthcare organizations, improved security and lower financial incentives for attackers are credited for the decline.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
