Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Chinese Drones Pose Significant Risk to Critical U.S. Infrastructure, CISA Reports
CISA and the FBI warn that Chinese drones pose a significant risk to U.S. critical infrastructure, driven by vulnerabilities that could lead to data theft or network compromises. The advisory emphasizes the importance of secure UAS procurement and operation, aligning with secure-by-design principles and robust cybersecurity measures.
Docker Containers Hijacked for 9hits Traffic and Cryptomining in a Dual-Monetization Attack
Cado Security reveals a unique dual-monetization attack on Docker containers, employing both the 9hits traffic exchange and XMRig cryptomining. This strategy exploits cloud resources by generating traffic for credits and mining cryptocurrency, marking a new phase in the sophistication and creativity of cloud-based cyber threats.
Ivanti Users Face Urgent Security Threat from VPN Vulnerabilities
Ivanti discloses critical VPN vulnerabilities, enabling remote code execution and espionage. Active exploitation by sophisticated threat actors, identified as UNC5221 and UTA0178, has been observed. Users are urged to apply mitigations and monitor for signs of breach, emphasizing the severity of these vulnerabilities and the sophistication of the attacks.
Medusa Ransomware Intensifies Attacks, Unit 42 Reports on Global Impact
Medusa ransomware intensifies attacks globally, leveraging multi-extortion tactics and sophisticated infiltration methods. Targeting industries like technology and education, the Medusa gang exhibits ruthless behavior, notably during the Minneapolis School District attack. Unit 42's insights reveal the dire consequences of these increasingly sophisticated cyber threats.
11 Months of AsyncRAT: Targeted with Precision and Evasion in Mind
AT&T Alien Lab reports an 11-month campaign focusing on delivering AsyncRAT, marked by precision in target selection and evasion. Threat actors target high-value infrastructure, using obfuscated scripts and domain generation algorithms to evade detection. The campaign utilizes unique domain characteristics and hosting services linked to cryptocurrency, complicating consistent detection and response. Despite the sophisticated nature of the campaign, no specific threat group attribution has been made.
Pikabot Spam Campaign by Black Basta-Aligned Water Curupira
Trend Micro highlights the surge in Pikabot malware, potentially filling the void left by Qakbot's disruption. Linked to Black Basta ransomware and operated by Water Curupira, Pikabot is a sophisticated loader malware used in phishing campaigns for unauthorized access and command execution. The malware deploys multi-stage attacks, employs anti-analysis techniques, and enables further malicious activities, signaling a shift in Water Curupira's tactics from DarkGate and IcedID campaigns.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
Trusted by leading teams at
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
