Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Russian Code Discovered in U.S Government Agencies & Mobile App Stores
Reuters reports Pushwoosh, a Russian company posing as U.S-based, embedded code in U.S. Army and CDC apps. The code, now removed, was also found in over 8,000 mobile apps in app stores. This raises significant security concerns and potential FTC law violations, despite Pushwoosh's claims of data storage in the U.S. or Germany.
Conti's Trails
Though the Conti ransomware group shut down in May 2022, its influence remains evident in the operations of Quantum, Black Basta, and Royal ransomware. These groups share tactics, techniques, and infrastructure linked to Conti, as highlighted by @BushidoToken. Conti's legacy endures in the evolving ransomware ecosystem.
Russian Hacktivists Create New Somnia Ransomware
CERT-UA reports that Russian hacktivists 'From Russia with Love' have created the Somnia ransomware, targeting Ukrainian organizations without demanding ransom. The ransomware acts as a data wiper, with no decryptor available. The group uses compromised credentials and mimics legitimate software for access, employing tools like AnyDesk and Cobalt Strike.
New Campaigns from Chinese Cyberespionage Group Lotus Blossom
Symantec researchers discover new campaigns by the Chinese cyberespionage group Lotus Blossom, targeting Asian certificate authorities, government, and defense sectors. Operating since 2009, the group uses custom backdoors Hannotog and Sagerunex, along with common tools for stealthy operations. Data collection and exfiltration remain their primary objectives.
Iranian-backed Threat Actor Exploits Log4Shell Vulnerability
A joint advisory from CISA and the FBI attributes an attack on a Federal Civilian Executive Branch organization to an Iranian-backed threat actor exploiting the Log4Shell vulnerability. The attackers deployed XMRig malware, used Mimikatz for credential theft, modified Windows Defender settings, and established persistence with Ngrok.
The Latest Hive Ransomware News
CISA's #StopRansomware update highlights Hive ransomware's impact, victimizing over 1,300 companies and demanding $100 million in ransoms. Active since June 2021, Hive targets various sectors using phishing, exploiting public-facing applications, and compromised credentials. Post-exploitation activities include tampering with defenses, data exfiltration, and reinfecting networks.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
