Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Microsoft Analyzes & Disrupts Zloader
Microsoft's efforts, in collaboration with telecommunications providers, have led to the takedown of various ZLoader infrastructure. ZLoader malware is delivered through multiple attack chains, including emails with malicious links or attachments, and Google Ads leveraging compromised legitimate domains. Upon execution, a malicious MSI triggers PowerShell scripts to download the ZLoader payload. The modular malware creates persistence, downloads additional payloads, and conducts system enumeration to meet attackers' objectives.
BlackCat Breaches Florida International University
BlackCat (ALPHV) ransomware has breached Florida International University (FIU), claiming to have compromised approximately 1.2TB of data, including contracts, accounting documents, social security numbers, and email databases. FIU has acknowledged the ransomware group's claim but denies that sensitive information has been compromised. The investigation is ongoing.
Lapsus$ Breached SuperCare Health in July 2021
In July 2021, SuperCare Health, a California-based respiratory care provider, experienced a data breach by the Lapsus$ group, affecting 318,379 patients. Compromised data included patient names, birthdates, medical and insurance information, with some patients' social security numbers and driver's license information also exposed.
DHS Prevents Cyberattack on Hawaiian Telecommunications Company
The Department of Homeland Security (DHS) prevented a cyberattack on a Hawaiian telecommunications company utilizing underwater cables. DHS investigators received a tip, allowing them to disrupt the attack without causing any damage or disruption to Hawaii's telecommunication infrastructure.
Conti & Karakurt Data Extortion Group
By accessing Conti servers, Infinitum IT Cyber Threat Intelligence team has identified a connection between the Conti ransomware group and the data extortion group Karakurt. Unlike Conti, Karakurt focuses solely on data exfiltration and extortion, gaining access primarily through compromised VPN credentials. Between September and November 2021, Karakurt compromised over 40 organizations, with an additional 11 in December 2021, primarily targeting entities in Canada and the United States. Infinitum IT's research, which began on February 27th, 2022, leveraged the Conti leaks to access resources such as Protonmail and Mega Upload. They discovered Conti uploading data to Karakurt's C2 servers using FileZilla and identified shared resources between the groups. Additionally, Conti's use of Inferno solutions, a Russian VPS service, led to the discovery of a data storage system containing over 20TB of victim data. Infinitum IT has shared this intelligence with the government.
Identify and Access Management (IAM) Lacking
Palo Alto Unit42's analysis reveals significant weaknesses in identity and access management (IAM) configurations for cloud security. Key issues include 44% of organizations allowing password reuse and 53% not enforcing complex passwords. Additionally, overly permissive policies are common, with cloud service provider policies providing 2.5 times more permissions than customer-managed policies. These IAM weaknesses facilitate easier access for attackers, with top threat groups including TeamTNT, WatchDog, Kinsing, Rocke, 8220, APT29, and APT41.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
