Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Compromised Credentials Facilitated the Breach Against the City of Dallas
In a revealing After-Action Report, the City of Dallas has detailed the timeline and impact of a crippling ransomware attack executed by the Royal gang, beginning covertly on April 7th, 2023, and erupting into a full-blown attack on May 3rd. Utilizing compromised credentials to breach the city's network, the threat actors deployed Cobalt Strike beacons and meticulously exfiltrated around 1.169 TB of data, culminating in a widespread encryption of prioritized servers using legitimate administrative tools.
Chinese Hacker Group Budworm Deploys An Updated Custom Malware - 'SysUpdate'
Budworm, a Chinese APT group also recognized as LuckyMouse and APT27, has sharpened its cyber-espionage arsenal with an upgraded variant of its custom malware, 'SysUpdate,' as revealed by Symantec's Threat Hunter Team. In a recent campaign against a Middle Eastern telecommunications organization and an Asian government agency, Budworm utilized this enhanced SysUpdate backdoor, employing DLL sideloading via a legitimate application (INISafeWebSSO) to skillfully avoid detection while ensuring the execution of its malicious code.
Persistent Threats from the East: Stately Taurus's Ongoing Campaigns Revealed
Unit42 identifies a meticulous cyberespionage campaign orchestrated by Stately Taurus (also known as Mustang Panda and Earth Preta) against Southeast Asian governments from Q2 2021 to Q3 2023. Employing a suite of sophisticated tools, such as LadonGo and Cobalt Strike, and tactics like intelligent data gathering with wevtutil, the Chinese APT group successfully infiltrates networks, targeting notable governmental figures and exfiltrating sensitive information.
The Siege of Southeast Asia's Government Sector with Alloy Taurus
Unit42 pinpoints Alloy Taurus, a Chinese cyberespionage faction, directing an aggressive and persistent cyber campaign at Southeast Asian government entities from early 2022. Specializing in exploiting Exchange Server vulnerabilities and deploying various web shells and backdoors, such as China Chopper, Reshell, and Zapoa, the group seeks to pave secretive pathways into protected networks. Their utilization of several cyber tools, including Cobalt Strike and Gh0stCringe RAT, and tactics like credential theft and brute force attacks indicates a motive geared towards stealthy, extended espionage within the region.
Phishing Reigns Supreme: Rockwell Automation Unveils Key Tactics in Industrial Cyberattacks
Rockwell Automation's groundbreaking study with Cyentia Institute delves deep into the industrial sector's cyber vulnerabilities. Analyzing 122 cybersecurity events, the report uncovers a concerning trend: over 60% of attacks are state-affiliated, with internal personnel unintentionally aiding in a third of these incidents. The energy sector emerges as the most targeted, and phishing dominates as the preferred attack method.
Lazarus Strikes Again: Fifth Major Crypto Attack Targets CoinEx in 2023
In a growing series of crypto attacks in 2023, the North Korean Lazarus Group is suspected of orchestrating a breach on CoinEx. Elliptic's research uncovers parallels between this and Lazarus' previous thefts, marking a strategic shift in the group's focus from decentralized to centralized crypto services. This surge in Lazarus' attacks, coupled with their evolving tactics, amplifies concerns in the financial industry about the security of centralized exchanges.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
Trusted by leading teams at
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
