Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Analyzing Operation LiberalFace, An Attack Against Japanese Politicians
ESET researchers expose Operation LiberalFace, a spearphishing campaign by the Chinese threat group MirrorFace. Targeting Japanese politicians ahead of the July 2022 election, the campaign used phishing emails to deploy LODEINFO malware and MirrorStealer credential stealer. The malware captures screenshots, keylogs, and exfiltrates credentials from web browsers and email clients.
Malicious Scheduled Tasks Reveal A Russian Campaign Against the Ukrainian Government
Mandiant identifies a Russian campaign against the Ukrainian government using trojanized ISO files masquerading as Windows 10 installers. The attack involves malicious scheduled tasks communicating with a TOR site, aiming to exfiltrate data. Linked to UNC4166 and GRU operations, the campaign reflects sophisticated espionage tactics.
Russian Threat Group, Initiate Credential Harvesting Campaign Across Many Verticals
Recorded Future's Insikt Group reports Russian threat group TAG-53 targeting aerospace, defense, government, and other sectors in a credential harvesting campaign. The group, linked to Callisto Group, COLDRIVER, and SEABORGIUM, uses spoofed Microsoft login pages and recurring infrastructure traits like specific domain names and TLS certificates.
Russia's Cyber Aggression Against Ukraine May Escalate During Winter
Microsoft warns of escalating Russian cyber aggression against Ukraine's critical infrastructure during winter. Predictions include increased attacks on energy, water systems, and supply routes. The warning extends beyond Ukraine, with potential cyberattacks on countries aiding Ukraine, influenced by economic and social factors.
Vice Society A Threat Group of Opportunity
Palo Alto Unit42 profiles Vice Society, a ransomware group targeting various industries, notably education and healthcare, since 2021. Known for exploiting the PrintNightmare vulnerability and using HelloKitty and Zeppelin ransomware, Vice Society times attacks with the school year calendar. California, Texas, and Pennsylvania are among the most affected states.
Iranian Threat Actor Launches New 'Fantasy' Data Wiper
ESET reveals that Iranian threat group Agrius has deployed a new data wiper named 'Fantasy' in supply-chain attacks targeting organizations in Hong Kong, Israel, and South Africa. The 'Fantasy' wiper overwrites files and the master record, but recovery has been possible for some victims, with damages reversed within hours.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
