Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
CISA Updates Advisory for Royal Ransomware Gang, Amassed $275 Million in Ransom
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its advisory on the Royal ransomware group, revealing its significant global impact since September 2022. The group, suspected of rebranding to 'Blacksuit,' has targeted over 350 victims worldwide, particularly in critical sectors, accumulating ransoms exceeding $275 million. Utilizing phishing, RDP, and exploiting vulnerable applications, Royal gains initial access, later employing tools like Chisel, Cobalt Strike, and leveraging Qakbot C2 infrastructure.
A Russian Threat Actor a Mastermind of Ransomware Influences 5 Strains
Group-IB has infiltrated the Nokoyawa ransomware-as-a-service (RaaS), revealing a key Russian threat actor known as 'farnetwork.' Active since 2019, 'farnetwork' has been linked to the development of several ransomware strains, including JSWORM, Nefilim, Karma, and Nemty. This actor, operating under multiple aliases, engages affiliates by providing access to corporate networks, only requiring them to escalate privileges and execute attacks.
Unit 42 Reveals Intricate Chinese APT Attack on Cambodia's Government
Unit 42 has identified a complex cyber espionage campaign by Chinese Advanced Persistent Threat (APT) groups targeting as many as 24 Cambodian government entities. The campaign, marked by sophisticated techniques, enticed victims under the guise of cloud backup services, targeting crucial sectors such as defense, election oversight, and telecommunications. The APTs cleverly used a honeypot and IP filtering to reduce detection risks, with activities peaking during Cambodia's business hours.
SysAid Vulnerability Exploited in Lace Tempest's Latest Clop Ransomware Campaigns
Microsoft's Threat Intelligence team has identified attempts by Lace Tempest, also known as FIN11 and TA505, to exploit a critical zero-day vulnerability in SysAid On-Prem software, CVE-2023-47246. This path traversal flaw enables unauthorized actors to upload malicious payloads and initiate ransomware attacks. The targeted SysAid versions are those earlier than 23.3.36. Post-exploitation activities involve deploying the Gracewire malware loader, followed by human-operated actions like lateral movement, data theft, and eventual ransomware deployment.
Iranian APT Group 'Agonizing Serpens' Campaigns for Data Theft and Destruction
Unit 42 has identified a series of cyberattacks by the Iranian APT group Agonizing Serpens, targeting Israeli organizations in the education and technology sectors from January to October 2023. The group, also known as Agrius, BlackShadow, and Pink Sandstorm, utilized tactics like exploiting public-facing applications, credential theft, lateral movement, and data exfiltration. They deployed webshells, conducted reconnaissance, and used tools like Mimikatz for credential harvesting.
Kinsing Attackers Experiments with "Looney Tunables" Exploit for Cloud Compromise
The Kinsing malware group has shifted its focus towards exploiting the Looney Tunables Linux vulnerability, CVE-2023-4911, to compromise cloud environments. This new approach, involving the exploitation of PHPUnit and Looney Tunables vulnerabilities, demonstrates the group's evolving tactics from cryptomining to more intensive cloud-based attacks. AquaSec's analysis reveals their methodical experimentation with this exploit, hinting at a strategic expansion in their cyber activities.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
