Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
#StopRansomware Warns of Play Ransomware with 300 Entities Worldwide Compromised
The joint advisory from the FBI, CISA, and ASD’s ACSC raises awareness of the Play ransomware group, also known as Playcrypt. Active since June 2022, Play ransomware has affected a broad range of sectors globally, including critical infrastructure in North America, South America, and Europe. The group has compromised approximately 300 entities by exploiting vulnerabilities in public-facing applications like FortiOS and Microsoft Exchange.
International Law Enforcement Agencies Unite to Take Down ALPHV/Blackcat’s Darknet Website
A major collaborative law enforcement effort led to the seizure of the notorious ALPHV/Blackcat ransomware gang's darknet website on December 19th. This action, credited to agencies like the FBI, US Justice Department, Europol, and others, was facilitated by a confidential source. Initially reported by The Record and observed by RedSense's Yelisey Bohuslavkiy, the seizure followed disruptions in the gang's operations.
China Poised for Disruptive Infrastructure Attacks Against US
The Washington Post's investigation, led by Ellen Nakashima and Joseph Menn, highlights a concerning shift in China's cyber operations against the United States. Chinese military hackers, linked to the People’s Liberation Army, have successfully infiltrated over two dozen critical American infrastructure entities.
Red Canary Gives Insights of Where BITSAdmin Can Initiate a Investigation
Red Canary's detailed blog post highlights the crucial aspects of detecting and responding to a potential cyber threat involving the BITSAdmin tool. The incident began with an alert triggered by BITSAdmin downloading a suspicious file, flagged due to unusual admin activities and connections to a Russian IP. Further investigation revealed the creation of admin accounts with passwords linked to Russian business entities and interests.
Abuse of OAuth Applications for Cryptomining and Phishing
Microsoft's Threat Intelligence team has identified a significant increase in cyber threats exploiting OAuth applications for financial gains. Attackers are manipulating OAuth, a secure authorization protocol, to automate malicious actions like deploying virtual machines for cryptocurrency mining, establishing persistence in BEC campaigns, and initiating large-scale spamming activities. In one case, threat actor Storm-1283 used a compromised account to create an OAuth application, deploying virtual machines for cryptomining and incurring compute fees up to $1.5 million USD.
Lazarus Targets the Continued Relevance of the Log4j Vulnerability
Cisco Talos reports that the North Korean state-sponsored Lazarus Group, as part of Operation Blacksmith, continues to exploit the two-year-old Log4j vulnerability, CVE-2021-44228, for initial access. This campaign involves new DLang-based malware targeting industries in South America and Europe. The Lazarus Group, encompassing various sub-groups like Andariel APT, employs these advanced tactics to support North Korea's national interests.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
Trusted by leading teams at
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
