Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Octo Tempest Flourishing with High-Pressure Social Engineering Attacks
Octo Tempest, a financially motivated cyber threat group, has escalated its sophisticated cyberattacks since first being detected in March 2022. Microsoft's research highlights the group's advanced social engineering tactics, strategically focusing on high-privilege users within targeted organizations. Techniques include SIM-swapping and impersonation, often convincing users to change passwords or reset MFA settings.
APT28's Persistent Attacks Abuses Outlook Vulnerability, CVE-2023-23397 Since 2022
APT28, a Russian state-sponsored threat group, has been actively exploiting a critical privilege escalation vulnerability, CVE-2023-23397, in Microsoft Outlook. Identified by Unit 42, this exploitation dates back to March 2022, targeting over 30 organizations in 14 nations. The victims span a wide range of industries, including government, defense, energy, telecommunications, and more, primarily targeting NATO-related entities.
Securing the Cloud: Red Canary's Insightful Report on STS Abuse Tactics
Red Canary's threat detection blog highlights the critical role of AWS's Secure Token Service (STS) in cloud security. The report reveals how adversaries abuse STS to impersonate user identities and roles within AWS, leading to significant security threats. Common methods of initial access include malware infections, phishing, and exposed credentials, enabling adversaries to compromise long-term IAM tokens (AKIA).
CISA Warns of Exploitation with Adobe ColdFusion Vulnerability - CVE-2023-26360
CISA has issued an advisory on the exploitation of Adobe ColdFusion vulnerability, CVE-2023-26360, impacting Federal Civilian Executive Branch (FCEB) servers. This vulnerability, leading to potential arbitrary code execution, was exploited in two incidents between June and July 2023.
Water Facilities Targeted in Active Exploitation of Unitronics PLCs
CISA's latest advisory alerts about the active exploitation of Unitronics PLCs, crucial in Water and Wastewater Systems (WWS). A breach in a U.S. water facility's Unitronics PLC highlights the risk to water treatment processes. CISA's measures for securing PLC devices include changing default passwords, implementing multifactor authentication, disconnecting PLCs from the internet, and using firewalls/VPNs.
Okta Expands Impact Scope of the October Customer Support Portal Breach
Okta's ongoing probe into the October 2023 breach of its customer support portal, the Okta Help Center, has uncovered that a threat actor accessed and downloaded a report containing names and email addresses of all Okta customer support system users on September 28th, 2023. This breach affected all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers, excluding those in FedRamp High and DoD IL4 environments, and the Auth0/CIC support case management system was not impacted.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
Trusted by leading teams at
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
