Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
"BadPilot" Campaign From Russian APT Pose Ongoing Cyber Threat to Western Nations
Microsoft has identified the "BadPilot" cyber campaign by Russian APT Seashell Blizzard, which targets critical sectors across Western nations. Exploiting vulnerabilities in Microsoft Exchange, Zimbra, and Fortinet, the group employs RMM tools, web shells, and credential theft to enable long-term espionage and cyber disruptions, aligning with Russia’s geopolitical objectives.
Akira and Fog Dominate Ransomware Landscape, But Payouts Fall in Q4 2024
Coveware reports that ransomware payments hit a record low of 25% in Q4 2024, despite Akira and Fog leading attack volumes. Law enforcement takedowns and better defenses have disrupted operations, pushing threat actors toward data extortion and AI-driven phishing. VPN vulnerabilities, phishing, and social engineering remain top attack vectors.
Abyss Locker Ransomware Attack Chain Revealed with Windows, ESXi, and NAS Devices Compromised
Sygnia uncovered Abyss Locker ransomware exploiting SonicWall VPN flaws to infiltrate Windows, ESXi, and NAS devices. Attackers use PowerShell scripts for credential theft, disable security tools, and deploy Chisel for persistence. Files are encrypted with '.Abyss' and '.crypt' extensions. Organizations must enhance VPN security and monitor lateral movement techniques.
MacOS Infostealers on the Rise with Atomic, Poseidon, and Cthulhu Stealer
Unit 42 has identified a 101% increase in macOS infostealers, including Atomic, Poseidon, and Cthulhu Stealer. These malware variants exploit AppleScript to steal credentials, browser data, and cryptocurrency wallets. Attackers distribute them via malvertising and phishing. As macOS threats grow, users must remain vigilant against deceptive system prompts and Trojanized software.
AI Startup DeepSeek Exposes Over a Million Log Entries Due to Database Misconfiguration
AI startup DeepSeek exposed over a million log entries due to a misconfigured ClickHouse database, leaving chat logs, API keys, and backend data unprotected. Researchers at Wiz identified the issue, which has since been mitigated. The incident highlights critical security risks in AI infrastructure, emphasizing the need for stronger data protection measures.
Google Unveils State-Sponsored Hackers’ AI Experiments on Gemini
Google Threat Intelligence Group (GTIG) uncovered state-sponsored hackers from Iran, China, North Korea, and Russia testing Gemini AI for cyber operations. While AI hasn’t yet enabled advanced cyberattacks, adversaries are leveraging it for phishing, reconnaissance, and scripting assistance. Google emphasizes ongoing AI security improvements to prevent future misuse.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
-min.png)
The World's Best SOC Teams Use Anvilogic
.svg)
