Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Proofpoint Studies Threat Actor's Multi-Persona Impersonation Technique
Proofpoint researchers uncover APT35's use of Multi-Persona Impersonation (MPI) in email campaigns, involving multiple personas to increase email legitimacy. Targeting academics, policymakers, and researchers in medical and nuclear fields, these campaigns aim to collect intelligence, often using credential harvesting links.
Attacker Had Access to LastPass for Four Days During August Breach
LastPass reports that a threat actor accessed the development environment for four days in August 2022 by compromising a developer's account. Despite this breach, customer data and encrypted vaults were not affected. The company assures strengthened security controls and separation of production and development environments.
Hacker Steals and Sells Customer Data for Singapore Starbucks
On September 10th, 2022, a hacker sold a database containing data of 219,675 Singapore Starbucks customers on BreachForums. The breach exposed personal details but not financial information. Starbucks has notified affected customers and advised them to reset their credentials.
TeamTNT Attacks Honeypots Exposing their Own Credentials
Trend Micro's honeypots revealed TeamTNT's attempts to exploit misconfigured Docker servers, accidentally leaking their own DockerHub credentials. The attackers, identified through accounts "alpineos" and "sandeep078," aimed to perform cryptojacking. Analysis showed three scenarios explaining how the credentials were exposed, including direct login and failure to log out.
Malware Spreading on YouTube Videos Featuring Videogame Tutorials
Kaspersky researchers find RedLine malware in YouTube videogame tutorials. The malware is hidden in downloads masquerading as game cheats and cracks. It steals sensitive user data and uses infected YouTube accounts to propagate further, targeting popular game titles.
Gamaredon APT Targets Ukraine with Infostealer Campaign
Cisco Talos identifies an espionage campaign by Russian threat group Gamaredon targeting Ukrainian entities with a new infostealer malware. The attack begins with phishing emails containing weaponized documents that deploy macros to download and execute malicious scripts, establish persistence, and deploy the custom infostealer.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
