Anvilogic Forge Threat Research Reports

Emissary Panda Attack Insight

HVS Consulting's report outlines a nine-month campaign by Emissary Panda, featuring phases of initial compromise, persistence, and data exfiltration. Major vulnerabilities exploited include ProxyLogon, Confluence, and Log4Shell. ProxyLogon, widely exploited by groups like Hafnium and Fancy Bear, led to significant Exchange server compromises.

Banking outage in Canada

On February 16, 2022, a significant outage affected online and mobile banking services for major Canadian banks, including Royal Bank of Canada (RBC), Bank of Montreal (BMO), Scotiabank, TD Bank, and Canadian Imperial Bank of Commerce (CIBC). The issues peaked between 17:00 - 18:00 EST, with customers experiencing service disruptions and transaction rejections. Despite efforts to restore services, customers reported ongoing issues throughout the day.

Analysis of Ukraine's DDoS Attack

CadoSecurity's analysis of the February 2022 DDoS attack on Ukraine reveals the involvement of the Katana botnet, impacting banks, government, and military sites. The attack, attributed to Russia, caused moderate disruptions.

CISA Advisory - BlackByte Ransomware

Ukraine & Russia Cyber Update

The CISA advisory on the Ukraine-Russia crisis highlights Russian threat actors targeting vulnerabilities in Oracle Weblogic, Exchange, Cisco, VMware, and Citrix. The attacks focus on critical infrastructure, particularly OT/ICS networks. MITRE ATT&CK framework-based TTPs are detailed. Joint CISA-FBI advisory reveals U.S. Cleared Defense Contractors are targets for sensitive information theft since January 2020.

Trickbot Fading and Conti Rises

AdvIntel reports Trickbot's decline, with Conti absorbing its key developers and investing in new tools like BazarBackdoor. Conti has grown rapidly, aiming to monopolize the cyber threat market. Despite Trickbot's detectability, its threat remains, raising concerns about Conti's expanding capabilities and future operations.