Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
RURansom Wiper
TrendMicro reports the discovery of RURansom Wiper, a malware targeting Russian assets amid the Ukraine conflict. Detected between February 26 and March 2, 2022, the malware causes irreversible damage, without ransom demands. It executes only if the host's software or IP is Russian, with multiple variations observed.
Malware “Liberator” Targets Ukraine
Cisco Talos reports that cybercriminals are exploiting the Russia-Ukraine conflict by distributing the "Liberator" malware to Ukraine sympathizers. Disguised as a DDoS tool against Russia, the malware is spread through Telegram, specifically targeting members of the Ukraine IT Army. The threat actor behind this has been active since November 2021, distributing various information stealers.
TA416
Since November 2021, Chinese APT group TA416 has escalated phishing attacks on European diplomats, using web bugs, SMTP2Go for sender impersonation, and Dropbox links to deliver PlugX malware. The campaigns increased notably following Russia's invasion of Ukraine, highlighting significant geopolitical implications.
Prophet Spider Exploits CVE-2021-22941
CrowdStrike reports that Prophet Spider exploited CVE-2021-22941, a remote code execution vulnerability in Citrix ShareFile Storage Zones Controller, to compromise an IIS web server. The attackers uploaded a webshell, checked connectivity using nslookup, and used PowerShell and wget to download additional files for further operations.
Lapsus$ Breaches Mercado Libre
The Lapsus$ threat group has breached Argentine e-commerce giant Mercado Libre, adding to its recent string of compromises. The breach, disclosed in a Securities and Exchange Commission (SEC) Form 8-K filing, revealed unauthorized access to the company's source code and data of 300,000 users. However, Mercado Libre assured that its IT infrastructure and sensitive financial information were not compromised. The company is implementing strict measures to prevent further incidents.
Google TAG Provides Update on Russian Threat Groups
Google’s Threat Analysis Group (TAG) updates on Russian threat groups targeting Ukraine. APT28/FancyBear conducts phishing campaigns to obtain credentials from Ukrainian media sites. Ghostwriter/UNC1151 targets Polish and Ukrainian government and military entities with phishing attacks. Mustang Panda/Temp.Hex distributes malicious zip files to download malware payloads, further escalating cyber threats in the region.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
