Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights.
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• Research Articles
Forge Report: First Half Threat Trends of 2024



Featured Threat Reports


All Threat Reports
Global Affairs Canada Cyberattack
On January 19, 2022, Global Affairs Canada (GAC) detected a cyberattack causing network disruptions. While critical services remain available, some online services are still recovering. The GAC, responsible for managing Canada's foreign and consular relations, confirmed no impact on other government departments.
US Federal Government Initiative to protect Water Systems
The US government and the EPA have launched an initiative to protect the nation's water systems, focusing on enhancing cyber defense technologies. A pilot program by the EPA and CISA aims to improve ICS monitoring and cooperation among water sector entities, safeguarding over 150,000 systems serving 300 million Americans.
CVE-2021-4034 - Polkit's Pkexec - LPE
Qualys has identified CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec, a SUID-root program present on all major Linux distributions including Ubuntu, Debian, Fedora, and CentOS. Qualys describes exploitation as trivial, and several security researchers have released proofs of concept demonstrating the vulnerability. The impact is widespread, granting attackers high privileges on every affected Linux distribution.
Remote Access Trojan - STRRAT
FortiGuard's research details STRRAT, a remote access trojan active since 2020. Spread via phishing emails impersonating Maersk, it uses an Excel dropper to deliver the Java-based RAT. STRRAT establishes persistence and has extensive capabilities, including keystroke logging and credential theft.
RRD Victim of Conti Ransomware Attack
Communications firm R.R. Donnelley & Sons (RRD) was hit by a Conti ransomware attack in December 2021, causing a network shutdown. Conti later claimed to have stolen 2.5 GB of data. Both parties are cooperating, and RRD continues to investigate the incident's impact.
Mandiant - AVADDON Ransomware
Mandiant's research on AVADDON ransomware, active from June 2020 to June 2021, highlights its impact on various sectors, including education, finance, healthcare, and technology. The ransomware group utilized initial access brokers, custom web shells like BLACKCROW and DARKRAVEN, and tools such as EMPIRE and POWERSPLOIT for post-exploitation. Tactics included RDP for lateral movement, scheduled tasks for persistence, 7zip for data archival, and MEGAsync for data staging and exfiltration. Mandiant speculates potential links between AVADDON and other ransomware groups, BLACKMATTER and SABBATH.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.