Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
HappyDoor Malware's Continuous Development by Kimsuky
ASEC's report reveals the ongoing evolution of HappyDoor malware by the North Korean group Kimsuky. First identified in 2021, the malware now features advanced info-stealing and backdoor capabilities. Distributed via spear-phishing, HappyDoor encrypts and exfiltrates data, using tools like ngrok and Chrome Remote Desktop for persistent access.
Red Canary: Thwarts Ransomware From Early Signs of Malicious PowerShell
In June 2024, Red Canary prevented a ransomware attack on a major city hospital by detecting malicious PowerShell activity. The attack, originating from a webshell on a Microsoft Exchange server, was stopped before it could impact patient care. Key steps included monitoring for suspicious PowerShell activity and preventing the disabling of Windows Defender.
Cybersecurity Agencies Reveal Tactics of a Prolific Chinese Hacking Group
The ASD’s ACSC and CISA reveal the activities of APT40, a Chinese state-sponsored hacking group targeting global networks. Known for exploiting vulnerabilities in critical infrastructure, APT40 uses compromised devices to evade detection and exfiltrate sensitive data. Defensive measures include applying security patches, deploying web application firewalls, and replacing outdated networking devices.
New "regreSSHion" Vulnerability - CVE-2024-6387, Could Enable Remote Code Execution on Linux
The newly discovered regreSSHion vulnerability (CVE-2024-6387) in OpenSSH allows remote code execution on glibc-based Linux systems. Found by Qualys, this flaw affects versions 8.5p1 to 9.7p1. Updating to version 9.8p1 or later is essential to mitigate this severe threat and secure your systems.
GrimResource Attack Exploits Old XSS Flaw in Microsoft Management Console
Elastic researchers uncover GrimResource, a novel attack technique exploiting an old XSS flaw in Microsoft Management Console (mmc.exe). Attackers use this vulnerability to execute arbitrary code via a maliciously crafted MSC file, leading to unauthorized access and system takeover, ultimately deploying Cobalt Strike. Securing against this flaw is essential to prevent exploitation.
Misconfigured Ports Continue to Plague Docker Instances, Enabling Container Host Escapes via Bind
Datadog reports on Docker misconfigurations leading to host escapes and cryptojacking by the Spinning YARN campaign. Attackers exploit exposed Docker ports, bind containers to hosts, and deploy XMRig miners. This highlights the critical need for securing Docker instances and cloud assets against such vulnerabilities and attacks.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
Trusted by leading teams at
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
