Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Quantum Ransomware Attacks Government Agriculture Agency
Quantum ransomware attacked the Dominican Republic's Instituto Agrario Dominicano on August 18, 2022, demanding $650,000 in ransom. The attack compromised all servers, stealing 1TB of data. The agency, lacking security measures and funds, faces substantial damage with databases, applications, and emails affected.
Cyberattacks and Covid Maintain Challenges for Aviation and Travel Industry
Cyble reports that cyber threats continue to target the aviation and travel industries, exacerbated by Covid. Threat actors exploit poor cybersecurity practices, legacy systems, and insider threats, often stealing payment card information and loyalty rewards. Ransomware incidents by Quantum, RansomEXX, AlphaVM, and LockBit were notable in 2022.
0ktapus, An Okta Themed Phishing Campaign
Group-IB reveals the 0ktapus phishing campaign, impersonating Okta and targeting 130 organizations, resulting in 9,931 compromised accounts. The campaign, which began in March 2022, used 169 unique domains to obtain Okta credentials and 2FA codes from users across various industries.
MuddyWater APT Exploits Log4j
Microsoft reports the Iranian APT group MuddyWater exploiting the Log4Shell vulnerability (CVE-2021-44228) against Israeli organizations and targeting telecommunication sectors in the Middle East and Asia. The group exploits unpatched SysAid Server instances, uses tools like Mimikatz for credential theft, and establishes persistence via autorun registry keys.
Threat Actor Abuses Video Game, Genshin Impact Anti-Cheat Driver
Trend Micro identifies ransomware actors abusing Genshin Impact's anti-cheat driver, mhyprot2.sys, to gain kernel-level privileges and terminate endpoint protection services. The exploitation, observed in July 2022, led to the deployment of ransomware after lateral movement and execution of malicious scripts.
Infectious Spearphishing Emails Linked with Kimsuky's GoldDragon Cluster
Kaspersky identifies Kimsuky's GoldDragon cluster using spearphishing emails targeting politicians. The emails contain malicious Word documents that execute VBS scripts to gather host information and download additional malware. GoldDragon uses complex multi-stage C2 servers to aid their campaigns.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
