Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Emotet Storms Back
Proofpoint researchers report a resurgence of Emotet malware, with a significant increase in infected emails since November 2022. Emotet uses hijacked email threads and invoice-themed lures, deploying IcedID and Bumblebee loaders. To bypass security controls, victims are tricked into moving malicious Excel files into trusted system locations.
Venus Ransomware Attacks Healthcare Organizations
The U.S. Department of Health and Human Services reports the Venus ransomware group targeting healthcare organizations since August 2022. The group exploits open remote desktop services and encrypts files with a '.venus' extension. Despite not having a data leak site, Venus uses various contact methods, indicating multiple threat actors are distributing the ransomware.
DDoS Attacks From Hacktivists Haven't Been Heavy Hitters
The FBI's latest assessment reveals that hacktivist DDoS attacks have caused minor impacts, often targeting websites rather than critical services. Pro-Russian group Killnet has been active but with limited success, causing disruptions without significant service interruptions, including an attempted attack on the U.S. Treasury.
The Worrying State of Cybersecurity in Italy
Cyble Research raises concerns about Italy's cybersecurity, highlighting the rise in cyberattacks against critical industries. Italy, a top global exporter, faces threats exacerbated by the Russia-Ukraine conflict. Significant attacks include those on energy suppliers GSE and Eni, the Ministry of Defense, and Vodafone Italy.
Earth Longzhi Another Subgroup to APT41
Trend Micro identifies Earth Longzhi, a new subgroup of APT41, targeting East and Southeast Asia since 2020. Earth Longzhi exploits RCE vulnerabilities and uses phishing emails to deploy Cobalt Strike and custom tools for privilege escalation and credential dumping, impacting sectors like academics, aviation, and healthcare.
IPFS A Web3 Technology Used to Host Phishing & Malware
Cisco Talos identifies threat actors exploiting IPFS, a Web3 protocol, to host phishing and malware campaigns. Leveraging IPFS's low-cost and resilient storage, attackers deliver payloads like Agent Tesla via phishing emails. The platform's resistance to content moderation complicates detection, posing an increasing threat in 2022.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
