Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Weaponized Excel Files Target Ukrainian Military
Fortinet's FortiGuard Labs discovered a campaign targeting Ukraine's military with weaponized Excel files disguised as salary spreadsheets. The infection chain uses macros to deliver DLL files and scheduled tasks to execute Cobalt Strike. Attackers bypass security tools and create persistence using COM functions.
AhnLabs Reports of LockBit Operators Exploiting Exchange Vulnerabilities
AhnLab reports that LockBit 3.0 ransomware operators exploited undisclosed Exchange vulnerabilities on Windows Servers. The attack included web shells, Mimikatz for credential access, and data exfiltration before deploying ransomware. The compromised organization had a history of security incidents tied to Exchange vulnerabilities.
Researchers Find Black Basta Using Qakbot & Adversary Emulation Tools For Spam Email Intrusions
Trend Micro reports Black Basta ransomware operators using Qakbot for initial access and deploying Brute Ratel and Cobalt Strike via spam emails. The attack bypasses security measures using password-protected archives and ISO files, with the entire intrusion lasting under 45 minutes. Reconnaissance and lateral movement are key tactics observed.
Security Incident Shuts Down Nonprofit Hospital Systems
CommonSpirit Health, a major nonprofit healthcare system, experiences a cyberattack leading to the shutdown of IT systems, including EHR. The incident impacts facilities across 21 states, affecting over 140 hospitals. Patient appointments are being rescheduled, and protocols for system outages are being followed.
New Cryptocurrency Schemes Warned by FBI
The FBI alerts the public to the "Pig Butchering" cryptocurrency scam, where scammers impersonate reputable traders to lure victims into investing in fake trading platforms. Victims are misled with false investment growth metrics and are unable to withdraw their funds, losing contact with the fraudsters.
Vice Society Leaks Data from LAUSD
On October 2nd, 2022, Vice Society leaked data from Los Angeles Unified School District (LAUSD) following unmet ransom demands. The breach includes sensitive student information and legal documents. LAUSD advises vigilance against social engineering attacks using the compromised data. Investigations are ongoing with law enforcement and cybersecurity experts.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
