[Upcoming Session] 2024 Mid-Year Attacks & Trends. Join us August 1st.
Register
Skip to main content

Anvilogic Forge Threat Research Reports

Here you can find an accumulation of trending threats published weekly by the Anvilogic team.

Subscribe to Weekly Reports

We curate threat intelligence to provide situational awareness and actionable insights

Threat Identifier Detections

Atomic detections that serve as the foundation of our detection framework.

Threat Scenario Detections

Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.

Reports Hot Off the Forge

Threat News Reports
Trending Threat Reports
ResearchArticles

Featured Threat Reports

07
-
18
-
2024
Red Canary: Thwarts Ransomware From Early Signs of Malicious PowerShell
In June 2024, Red Canary prevented a ransomware attack on a major city hospital by detecting malicious PowerShell activity. The attack, originating from a webshell on a Microsoft Exchange server, was stopped before it could impact patient care. Key steps included monitoring for suspicious PowerShell activity and preventing the disabling of Windows Defender.
See the Report
View the Detection
07
-
18
-
2024
Cybersecurity Agencies Reveal Tactics of a Prolific Chinese Hacking Group
The ASD’s ACSC and CISA reveal the activities of APT40, a Chinese state-sponsored hacking group targeting global networks. Known for exploiting vulnerabilities in critical infrastructure, APT40 uses compromised devices to evade detection and exfiltrate sensitive data. Defensive measures include applying security patches, deploying web application firewalls, and replacing outdated networking devices.
See the Report
View the Detection

All Threat Reports

Levels

All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
This is some text inside of a div block.
07
-
18
-
2024
Level:
Tactical
|
Source:
ASEC

HappyDoor Malware's Continuous Development by Kimsuky

ASEC's report reveals the ongoing evolution of HappyDoor malware by the North Korean group Kimsuky. First identified in 2021, the malware now features advanced info-stealing and backdoor capabilities. Distributed via spear-phishing, HappyDoor encrypts and exfiltrates data, using tools like ngrok and Chrome Remote Desktop for persistent access.

Global
This is some text inside of a div block.
07
-
18
-
2024
Level:
Strategic
|
Source:
Mandiant

NATO Faces Increasing Cyber Attacks Amidst Geopolitical Tensions

Mandiant's report highlights escalating cyber threats to NATO amidst geopolitical tensions. State-sponsored groups like Russia's APT29 and Chinese actors engage in cyber espionage, while hacktivist groups increase disruptive attacks. The report underscores the dual threats of espionage and destructive cyberattacks targeting NATO's critical infrastructure.

Global
This is some text inside of a div block.
07
-
11
-
2024
Level:
Tactical
|
Source:
ASEC

ASEC Unveils Xctdoor Malware Campaign Targeting South Korean Industries

ASEC has identified a cyber-espionage campaign by the North Korean group Andariel targeting South Korean defense and manufacturing sectors. The campaign uses Xctdoor malware to compromise enterprise environments, exfiltrate data, and monitor systems. The attackers exploit ERP software vulnerabilities to gain persistent access and execute further malicious activities.

Defense
Manufacturing
This is some text inside of a div block.
07
-
11
-
2024
Level:
Tactical
|
Source:
Datadog

Misconfigured Ports Continue to Plague Docker Instances, Enabling Container Host Escapes via Bind

Datadog reports on Docker misconfigurations leading to host escapes and cryptojacking by the Spinning YARN campaign. Attackers exploit exposed Docker ports, bind containers to hosts, and deploy XMRig miners. This highlights the critical need for securing Docker instances and cloud assets against such vulnerabilities and attacks.

Global
This is some text inside of a div block.
07
-
11
-
2024
Level:
Tactical
|
Source:
Elastic

GrimResource Attack Exploits Old XSS Flaw in Microsoft Management Console

Elastic researchers uncover GrimResource, a novel attack technique exploiting an old XSS flaw in Microsoft Management Console (mmc.exe). Attackers use this vulnerability to execute arbitrary code via a maliciously crafted MSC file, leading to unauthorized access and system takeover, ultimately deploying Cobalt Strike. Securing against this flaw is essential to prevent exploitation.

Global
This is some text inside of a div block.
07
-
11
-
2024
Level:
Strategic
|
Source:
OpenSSH, Qualys & The Record

New "regreSSHion" Vulnerability - CVE-2024-6387, Could Enable Remote Code Execution on Linux

The newly discovered regreSSHion vulnerability (CVE-2024-6387) in OpenSSH allows remote code execution on glibc-based Linux systems. Found by Qualys, this flaw affects versions 8.5p1 to 9.7p1. Updating to version 9.8p1 or later is essential to mitigate this severe threat and secure your systems.

Global

About the Forge & Threat Reports

Deploy and maintain detections and threat hunt across all of your logging platforms and security tools without centralizing your data or deploying new agents.

Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever-changing threat landscape.

Sign Up For Weekly Threat Reports

Intelligence Levels for Threat Reports

Tactical

Detectable threat behaviors for response with threat scenarios or threat identifiers.

Strategic

General information security news, for awareness.

Whitepapers

White Paper: Forge Threat Detection Success at the Pyramid Apex
White Paper: Forge Threat Detection Success at the Pyramid Apex

The World's Best SOC Teams Use Anvilogic

Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
Sigma Logo
Crypto.com Logo
Rakuten Mobile Logo
St. George's University Logo
Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
TJX Logo
Sigma Logo
Crypto.com Logo
Rakuten Mobile Logo
St. George's University Logo

Research to keep you up-to-date on threats

Learn More

Interested in joining the Anvilogic team?

See Careers

Break Free from SIEM Lock-in

Break Free from SIEM Lock-in

Book a Demo
AI Security
Application & User Security
Cybersecurity Enforcement
User Security
Cybercrime
Russia and Ukraine
Cyberattack
Tactical Threat Detection
Vulnerability
Threat Actor Activities
Strategic InfoSec News
Ransomware News
Network Security
Featured
Mobile Security
Malware Campaigns
Data Breach
Internet of Things (IoT) Security
Critical Infrastructure Security
Application Security
Cloud Security