Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
RagnarLoocker - FBI Flash Report
The FBI's flash report highlights RagnarLocker ransomware, affecting 52 entities across critical sectors, including manufacturing, energy, and IT, since April 2020. RagnarLocker avoids systems in certain regions and deletes shadow copies before encrypting specific files. The ransomware family continues to pose significant threats to critical infrastructure.
Mandiant Reports APT41 Targeting US Government
Mandiant reports that Chinese state-sponsored threat group APT41 targeted six U.S. state government entities between May 2021 and February 2022. The group exploited vulnerabilities in public-facing web applications, including Log4j and USAHerds (CVE-2021-44207). APT41 used .NET deserialization attacks, SQL injection, and directory traversal vulnerabilities for initial access. Post-compromise, the group conducted reconnaissance, harvested credentials using dsquery and Mimikatz, and maintained persistence with scheduled tasks. APT41 utilized Cloudflare services for command and control (C2) and data exfiltration, employing evasion techniques like Alternate Data Stream (ADS) and VMProtect in malware.
CaddyWiper Data Wiper Attacks Ukraine
ESET researchers, as reported by BleepingComputer, have discovered CaddyWiper, a new data-destroying malware targeting Ukrainian organizations. The malware avoids affecting domain controllers, likely to retain access for attackers. Compiled on March 14th, 2022, CaddyWiper does not share significant code similarities with prior wipers but was deployed similarly to HermeticWiper, via Group Policy Objects (GPO), indicating prior control of the target network by the attackers.
Starlink Target Risks
Elon Musk warns of high risks targeting Starlink, the sole non-Russian communication system active in Ukraine. Starlink provides critical internet connectivity amid the Russian invasion, but its unique position makes it a likely target for cyber attacks. The service has been crucial since its deployment on February 28th, 2022.
U.S Hospitals to Brace for Cyber Attacks
The AHA alerts U.S. hospitals to brace for potential cyber-attacks amid the Russia-Ukraine conflict. Hospitals are advised to prepare for disruptions lasting 4-6 weeks. Concerns include retaliation for sanctions and the Conti ransomware gang, which has previously targeted healthcare organizations and aligned with Russia.
Targeted BABYSHARK Attack on Think Tank
Huntress identified BABYSHARK malware targeting security think tanks, attributed to North Korean threat actors. The attack involved a fraudulent GoogleUpdater task, a targeted system check, and persistence mechanisms triggered by specific usernames. The origin was traced to a malicious phishing email with a link.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
