Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Attack Chain Evolution Reveals Muddled Libra’s Continuous Refinement of its Capabilities
Unit 42’s latest analysis of Muddled Libra shows the threat group evolving its tactics across ransomware and extortion campaigns. Now targeting help desks, using AI voice models, and deploying tools like PsExec, BlackCat, and RMM software, Muddled Libra poses a serious and adaptive threat to enterprise environments globally.
Leaked Access Key Enables Cloud Intrusion, AWS Identity Center Abused for Persistence
Datadog uncovered an AWS breach exploiting a leaked access key tied to a management account. Attackers used AWS Identity Center and Lambda to establish persistence, created IAM users, disabled centralized services, and abused Telegram bots for automation. The case highlights how long-term keys can trigger full cloud compromise.
Fake Voices, Real Threat: FBI Flags Rise in Deepfake Vishing Attacks
The FBI warns of deepfake vishing attacks impersonating senior U.S. officials using AI-generated voices and smishing tactics. Active since April 2025, the campaign exploits trust to hijack accounts and extract sensitive data. The agency advises verifying messages via trusted channels and enabling multi-factor authentication to prevent compromise.
Experts Warn of Imminent AI Agent Use in Real-World Cyberattacks
Cybersecurity experts including Kevin Mandia warn that AI agents may soon power real-world cyberattacks. While major AI models are well-defended, unregulated or open-source alternatives could enable undetected automation. Experts urge preparation, as shifting motivations may trigger a new era of AI-driven cyber threats, led initially by criminal actors.
DarkCloud Malware Intensifies Targeting Government, Finance, and Tech
Unit 42 observed a spike in DarkCloud Stealer activity, with 78 samples identified in early 2025. Most targeted government entities, followed by tech and finance sectors. Delivered via phishing and AutoIt loaders, DarkCloud harvests credentials and persists through registry keys, while evading detection with advanced anti-analysis tactics.
APT36 Expands ClickFix Technique for Linux Systems
APT36, also known as Transparent Tribe, is expanding its ClickFix phishing campaign to include Linux payloads. A spoofed Ministry of Defence site drops shell commands that mimic past Windows-based tactics. Though current payloads are non-malicious, Hunt.io warns of evolving cross-platform tradecraft targeting Indian government entities.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
