Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights.
• Threat News Reports
• Trending Threat Reports
• Research Articles
Forge Report: First Half Threat Trends of 2024

Featured Threat Reports

All Threat Reports
Microsoft Identifies Cybercrime Gang Exploiting AI for Illicit Content Generation
Microsoft exposed cybercrime group Storm-2139 for abusing AI to create illicit content and bypass safeguards. Members from Iran, UK, Hong Kong, and Vietnam were named in legal action. The gang resold unauthorized access to AI tools. Microsoft seized infrastructure, disrupted operations, and is pursuing law enforcement referrals globally.
OpenAI Continues to Disrupt Cyber Threat Actors Exploiting AI for Influence Operations and Cybercrime
OpenAI disrupted multiple threat actors exploiting AI for cybercrime, disinformation, and surveillance. Activity spanned North Korean fraud schemes, Chinese propaganda, Iranian influence ops, and romance scams. OpenAI banned accounts tied to groups like APT38 and STORM-2035, and continues to collaborate with industry peers to prevent AI misuse globally.
Patched Check Point Vulnerability CVE-2024-24919 Exploited to Deploy ShadowPad Malware and Ransomware
CVE-2024-24919, patched in May 2024, is being exploited to steal VPN credentials, enabling ShadowPad and ransomware deployment. Targeting manufacturing and healthcare sectors, attackers gain access via VPNs, move laterally using RDP and SMB, and use DLL sideloading for persistence. Organizations are urged to patch and monitor activity.
EncryptHub: An Emerging Threat Group Behind 618 Attacks Since 2024
EncryptHub, also known as Larva-208, has launched over 600 ransomware attacks globally since mid-2024. Using smishing, fake IT support, and credential theft, they deploy PowerShell-based encryptors and data stealers. Linked to RansomHub and BlackSuit, EncryptHub is a growing ransomware threat to enterprises through advanced social engineering tactics.
iVerify Uncovers Pegasus Spyware on Private Sector Devices, Expanding Surveillance Concerns
iVerify has uncovered Pegasus spyware on private sector devices, affecting executives in finance, real estate, and logistics. The findings reveal long-term surveillance dating back to 2021, with infections across Europe and the Middle East. This expands concerns beyond political targets, highlighting risks of corporate espionage and advanced mobile surveillance threats.
Russian Threat Actors Exploit Signal’s Linked Devices Feature for Espionage
Russian state-aligned hackers are exploiting Signal Messenger’s "Linked Devices" feature to gain persistent access to secure communications. GTIG reports phishing campaigns tricking victims into linking Signal accounts to attacker-controlled devices. Groups like Sandworm also extract Signal messages from compromised systems. Users should review linked devices and follow Signal’s latest security updates.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors that can be operationalized for response through threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.