Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Deadly Russian Malware With Impact Against the Industrial Power Grid
Mandiant researchers discovered Russian-linked malware CosmicEnergy designed to disrupt power grids by targeting IEC-104 devices. Found on VirusTotal, CosmicEnergy is Python-based and resembles malware used against Ukraine's energy sector. It exploits MSSQL servers to send remote commands, posing a significant threat to critical infrastructure in Europe, the Middle East, and Asia.
Threat Group, "GUI-vil" Prefers GUI for Coinmining Operations
The financially motivated threat group GUI-vil, tracked by Permiso, has been active in cloud cryptomining operations since 2021. Preferring GUI tools over CLI utilities, GUI-vil exploits vulnerabilities and exposed credentials to launch large EC2 instances for mining cryptocurrency. The group's operational tactics include mimicking legitimate users and adapting persistence to avoid detection. GUI-vil's activity, including using tools like S3 Browser and AWS Management Console, underscores the need for robust cloud security measures.
Earlier Intrusions from Volt Typhoon
Secureworks reveals early intrusions by the Chinese espionage group Volt Typhoon (BRONZE SILHOUETTE), targeting critical infrastructure in 2021 and 2022. Volt Typhoon employs living-off-the-land binaries and web shells for persistence and stealth. Notable tactics include exploiting public-facing applications and compromised credentials, obtaining the ntds.dit AD database, and using reconnaissance commands. The group's minimal intrusion footprint makes detection challenging, emphasizing the need for vigilant monitoring and robust security measures.
Chinese Hackers Compromised US Infrastructure for Data Collection and Disruption
Volt Typhoon, a Chinese espionage group, has been targeting US critical infrastructure since 2021, focusing on intelligence collection and developing capabilities for potential disruption. The group uses living-off-the-land binaries (LOLBins) and proxies traffic through compromised network devices for stealth. Industries targeted include communications, government, education, manufacturing, maritime, and utilities. Organizations are urged to monitor for suspicious activities and secure their networks.
Cyberattacks Escalating Between China & Taiwan
Geopolitical tensions between China and Taiwan have led to a surge in cyberattacks, with a significant increase in malicious email distribution targeting Taiwanese individuals. Trellix reports a fourfold increase in such emails from April 7th to April 10th, 2023, targeting the technology, manufacturing, and logistics sectors. The PlugX RAT, commonly used by Chinese-linked threat groups, has been the primary payload, aiding in intelligence collection and espionage.
Stealthy and Targeted Attacks Against Southern Asian Organizations from Lancefly
Lancefly, an APT group, uses the Merdoor malware to target organizations in South and Southeast Asia for intelligence gathering. Since mid-2022, they have focused on sectors such as aviation, communications, government, and technology. Lancefly's campaigns involve sophisticated techniques like SSH brute force attacks, process injection, and credential dumping. Symantec researchers note potential links to Chinese APT groups APT41 and TG-3390.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
Trusted by leading teams at
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
