Anvilogic Forge Threat Research Reports

Here you can find an accumulation of trending threats published weekly by the Anvilogic team.

All Threat Reports

Levels

All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
This is some text inside of a div block.
04
-
04
-
2024
Level:
Tactical
|
Source:

TA577 Expands Cyber Activities Beyond Initial Access

TA577, recognized for their role as initial access brokers, has significantly expanded their cyberattack strategies into post-exploitation activities. Proofpoint's research highlights their use of Impacket and thread hijacking emails to harvest NTLM authentication hashes, demonstrating a shift towards more invasive and sophisticated operations. This evolution emphasizes the need for robust security measures, including outbound SMB connection monitoring and timely software updates, to protect against these advanced threat tactics.

Global
This is some text inside of a div block.
04
-
04
-
2024
Level:
Strategic
|
Source:

Apple Users Flooded with Unrelenting Phishing Prompts

Apple's password reset functionality is under exploit by a phishing scheme, bombarding users with continuous system-level prompts, a tactic known as "push bombing." Victims, including high-profile individuals, face unyielding attempts to compromise their data, with fraudsters leveraging caller ID spoofing to mimic Apple Support. This campaign's persistence indicates a significant oversight in Apple's security framework, particularly the absence of rate-limiting for password reset requests, posing severe usability and privacy risks. Security experts advocate for immediate system design corrections to mitigate these vulnerabilities.

Global
This is some text inside of a div block.
03
-
28
-
2024
Level:
Tactical
|
Source:

Earth Krahang's Wide-Reaching Cyber Espionage Tactics and Targets

Trend Micro's report highlights Earth Krahang's cyber espionage impacting various sectors globally, including defense, government, and technology. Utilizing malware and spear-phishing, this Chinese threat actor has compromised over 70 organizations in 45 countries. Techniques like CVE exploitation and malicious email campaigns enable Earth Krahang to infiltrate and exfiltrate data from targeted entities, underlining the need for robust cyber defense strategies.

Defense
Entertainment
Financial
Government
Healthcare
This is some text inside of a div block.
03
-
28
-
2024
Level:
Tactical
|
Source:

The DEEP#GOSU Campaign's Script-Based Intrusion

Securonix unveils the DEEP#GOSU campaign, a sophisticated cyber espionage operation by North Korea's Kimsuky group targeting South Korea. Leveraging PowerShell and VBScript, attackers execute a script-based intrusion, employing encrypted communication and cloud services like Dropbox for stealth. The campaign involves deploying a Remote Access Trojan (RAT) for full control over infected systems, highlighting the need for vigilance in detecting unusual script activity and securing cloud service usage to mitigate threats.

Global
This is some text inside of a div block.
03
-
28
-
2024
Level:
Tactical
|
Source:

Vast Post-Exploitation Opportunities from JetBrains Vulnerabilities

Trend Micro highlights the exploitation of JetBrains TeamCity vulnerabilities, CVE-2024-27198 and CVE-2024-27199, which risk administrative control and system integrity. CVE-2024-27198 facilitates various malicious activities, including ransomware deployment and cryptocurrency mining, while CVE-2024-27199 could lead to information leaks. With attackers leveraging these for extensive control and persistence within networks, organizations are urged to update their TeamCity servers promptly to mitigate potential breaches and protect their infrastructure against these significant threats.

Global
This is some text inside of a div block.
03
-
28
-
2024
Level:
Strategic
|
Source:

Beware Scammers Pose as FTC Staff to Steal Money

The FTC has sounded an alarm over an uptick in scammers impersonating FTC officials to deceive individuals into sending money. Techniques involve urging victims to transfer funds, buy gold, or withdraw cash, under false pretexts. The median scam loss escalated from $3,000 in 2019 to $7,000 in 2024. With over 14,000 complaints of government impersonation frauds in 2023, resulting in $394 million in losses, the FTC, in collaboration with the FBI, has introduced the Government and Business Impersonation Rule to intensify efforts against such frauds. They urge public vigilance and reporting of suspicious activities, stressing that the FTC never demands money or threatens legal action for non-compliance.

Global

We curate threat intelligence to provide situational awareness and actionable insights

Threat Identifier Detections

Atomic detections that serve as the foundation of our detection framework.

Threat Scenario Detections

Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.

Reports Hot Off the Forge

Threat News Reports
Trending Threat Reports
ResearchArticles

Intelligence Levels for Threat Reports

Tactical

Detectable threat behaviors for response with threat scenarios or threat identifiers.

Strategic

General information security news, for awareness.

The World's Best SOC Teams Use Anvilogic

Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo
Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
TJX Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo
Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
TJX Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo

Break Free from SIEM Lock-in

Break Free from SIEM Lock-in