Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
LockBit Faces DDoS Attack Of Their Own
On August 19, 2022, LockBit's attempt to leak 300GB of Entrust data was disrupted by a DDoS attack. LockBitSupp announced improvements to their infrastructure and a new triple extortion scheme: encryption, data leak, and DDoS attacks. The group is actively recruiting DDoS attackers. Despite the attack, LockBit released the Entrust data via a legitimate torrent.
Ragnar Locker Ransomware Attacked Energy Sector
Cybereason reports Ragnar Locker ransomware's attack on Greek natural gas operator DESFA on August 23, 2022, with no impact on gas supply. The attack involved data collection, shadow copy deletion, and encryption. This incident marks the fourth recent ransomware attack on energy providers, including ENN Group, Creos/Encevo, and South Staffordshire PLC.
Trend Mico Takes a Deep Dive into Black Basta Ransomware
Trend Micro's research into Black Basta ransomware highlights the group's targeted approach, affecting industries such as apparel, finance, and technology. Active since April 2022, Black Basta uses spear phishing to deploy Qakbot malware and PowerShell scripts for reconnaissance and lateral movement. Exploiting PrintNightmare for privilege escalation and using Rclone for data exfiltration, the group has been most active in June 2022.
Threat Actors JuiceLedger's Newest Attack Campaign Uses PyPI Phishing
Collective research by Checkmarx and SentinelOne reveals JuiceLedger's recent phishing campaign, targeting PyPI packages with JuiceStealer malware. The attack starts with a Google validation-themed phishing email leading to credential harvesting. Poisoned packages such as exotel and spam were downloaded over 680,000 times before being taken down. Contributors are advised to use two-factor authentication to safeguard their packages.
Office Macros and James Webb Telescope Images Used in Infection Chain
Securonix uncovers a phishing campaign leveraging NASA's James Webb telescope images and Office macros to spread Golang malware. The infection chain starts with a malicious document, downloading and executing a VBS macro, which then decodes a JPG file containing Base64 code. The malware establishes persistence and initiates a C2 connection, with new domains registered as recently as May 29, 2022.
LockBit Claims Hack On French Hospital
LockBit ransomware attacked the French Center Hospital Sud Francilien on August 21, 2022, demanding a $10 million ransom. The attack caused significant disruptions, diverting patient care to other facilities and delaying surgeries. The hospital is operating without IT services, leading to longer wait times and limited services.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
