Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Growing Cyber Threats in Ukraine with New Ransomware Strain, RansomBoggs
ESET researchers discover RansomBoggs, a new ransomware strain targeting Ukrainian organizations, attributed to the Russian Sandworm group. The malware, written in .NET, uses PowerShell scripts for deployment, resembling past Sandworm tactics. References to Monsters Inc and ties to Prestige ransomware highlight Sandworm's ongoing cyber activities.
Insights from the Yanluowang Ransomware Chat Leaks
Trellix analyzes leaked chat logs from the Yanluowang ransomware group, revealing collaboration with HelloKitty, Babuk, and Conti ransomware groups. Despite having numerous compromised credentials, the group struggles with manpower to exploit them. Concerns about the Conti leaks and government attention are also highlighted.
Mustang Panda Target Asian Government Entities
Researcher Yoshihiro Ishikawa reports Mustang Panda's latest campaign targeting the Philippine government with Claimloader malware. Delivered via malicious ZIP files, the malware establishes persistence and communicates with C2 servers. The campaign, based on file names, might also target Japan in future operations.
Emulating Threat Activity from OilRig
MITRE Engenuity's emulation plan replicates the Iranian threat group OilRig's tactics, techniques, and procedures, focusing on their use of custom web shells, PowerShell operations, and unique data exfiltration. The 10-step plan provides valuable insights for security defenders to develop threat detection and improve defense strategies.
Black Basta Initiate Aggressive Qakbot Campaigns
Cybereason reports Black Basta ransomware group's aggressive Qakbot campaigns targeting US entities. The group uses spearphishing emails and exploits vulnerabilities to deploy malware. They rapidly obtain domain administrator privileges and deploy ransomware, with observed campaigns targeting over 10 US entities starting November 14th, 2022.
An Elevate Cyberattack Surface Threatens Nuclear Facilities
Cyble reports rising cyber threats against nuclear facilities amid the Russia-Ukraine war. Vulnerabilities in networks and exposed sensitive data have led to breaches in countries like Russia, Taiwan, and Brazil. Leaked data, including source code and PII, could facilitate further attacks on these critical infrastructures.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
