Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
HAFNIUM "hidden" Scheduled Tasks
Microsoft Detection and Response Team (DART) and Microsoft Threat Intelligence Center (MSTIC) track HAFNIUM's new tactic from August 2021 to February 2022. The group targets telecommunications, ISPs, and data services, using hidden scheduled tasks to achieve persistence and evade detection. By deleting the Security Descriptor (SD) value in the registry, tasks become hidden from standard query tools, yet forensic analysts can recover details from other registry values and associated XML files.
Lazarus Operation Dream Job
Symantec has tracked Lazarus, a North Korean APT, targeting South Korea's chemical and IT sectors with Operation Dream Job since January 2022. The campaign, active since August 2020, uses fake job postings to lure victims. The attack chain typically involves executing an HTM file to download a malicious DLL for process injection, observed in INISAFE Web EX Client. The attackers also dump registry keys for credentials, execute BAT files, and create scheduled tasks for persistence.
MetaStealer Malware
New information-stealing malware, META, is gaining popularity among cybercriminals. Research from SANS and BleepingComputer reveals that META is being distributed through malspam campaigns. Since March 30th, 2022, at least 16 samples have been submitted to VirusTotal. The malware uses GitHub and transfer[.]sh URLs to host malicious binaries. Described as an improved version of RedLine on underground forums, META targets browser credentials and cryptocurrency wallets.
CISA Warns of Cybercriminals Targeting Industrial Control Systems
Multiple United States government agencies, including the Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), have issued an advisory warning of potential attacks from advanced persistent threat (APT) groups targeting industrial control systems (ICS). Attackers have demonstrated the capability to gain full system control of ICS and supervisory control and data acquisition (SCADA) devices. CISA identified devices at risk, including Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers. Although a recent attack by Sandworm targeting a Ukrainian energy provider on April 8th, 2022, was prevented, the threat remains significant.
Spring Exploits
Trend Micro research identifies exploits in Spring Core (CVE-2022-22965) and Spring Cloud Functions (CVE-2022-22963), leading to Mirai malware installation. Initial exploitation attempts were traced to Singapore, involving webshell uploads, permission changes, and shell script execution to install Mirai samples on various CPU architectures.
Potential Attack on Indian Electricity Grid by RedEcho
Recorded Future suspects Chinese group RedEcho in a cyber attack on India's power grid, targeting seven State Load Despatch Centres in North India near the Ladakh border. The attack aims for prepositioning, disruption, and intelligence collection amid India-China border tensions. Recorded Future’s director suggests it could signal deterrence capabilities.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
