Anvilogic Forge Threat Research Reports

Here you can find an accumulation of trending threats published weekly by the Anvilogic team.

We curate threat intelligence to provide situational awareness and actionable insights

Threat Identifier Detections

Atomic detections that serve as the foundation of our detection framework.

Threat Scenario Detections

Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.

Reports Hot Off the Forge

Threat News Reports
Trending Threat Reports
ResearchArticles

Forge Threat Report

Forge Report: First Half Threat Trends of 2024

Anvilogic Forge's latest report offers essential insights into key threat trends and adversarial tactics observed in the first half of 2024. From the pervasive use of PowerShell and remote access tools to sophisticated social engineering and attacks on the healthcare sector, this comprehensive analysis provides actionable intelligence and detection rules to bolster your defenses. Explore our key findings and access ready-to-deploy detection content to enhance your security posture.

All Threat Reports

Levels

All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
This is some text inside of a div block.
09
-
12
-
2024
Level:
Strategic
|
Source:

FTC Alerts a Surge in Bitcoin ATM Scams Citing Record Highs in Loses

The FTC warns of a surge in Bitcoin ATM scams, with over $110 million lost in 2023. Scammers use fake security alerts and impersonation tactics to manipulate victims into depositing funds into their cryptocurrency wallets. The FTC advises caution, urging individuals to verify contacts and avoid hasty financial actions.

Global
This is some text inside of a div block.
09
-
12
-
2024
Level:
Tactical
|
Source:

APT33's Range of Attacks from Password Spraying to Proficiency in Azure

Iranian threat actor APT33, active from April to July 2024, targets aerospace, defense, and other sectors using password spraying, custom malware, and Azure misuse. The group aims for intelligence gathering through advanced tactics. Microsoft advises countermeasures like multifactor authentication to combat APT33's evolving cyber threats.

Aerospace
Defense
Education
Government
Oil and Gas
This is some text inside of a div block.
09
-
12
-
2024
Level:
Tactical
|
Source:

RansomHub's Extensive Reach in Threatening Critical Infrastructure with 210 Victims and Counting

Since February 2024, RansomHub has targeted 210 critical infrastructure organizations across various sectors. Utilizing affiliates from other ransomware groups, the gang employs phishing, vulnerability exploitation, and double extortion tactics. Affected sectors include healthcare, government, and transportation. Security agencies urge organizations to follow mitigation steps to defend against this expanding threat.

Communications
Emergency Response
Financial
Food
Agriculture
This is some text inside of a div block.
09
-
05
-
2024
Level:
Strategic
|
Source:

Chinese Threat Group Volt Typhoon Identified in Versa Director Exploitation

Volt Typhoon, a Chinese threat group, is exploiting CVE-2024-39717, a zero-day vulnerability in Versa Director servers. The flaw allows attackers to upload malicious Java files and execute commands in memory, affecting ISPs and tech firms. U.S. agencies urge immediate patching and enhanced firewall protection to prevent further intrusions.

Internet Service Providers (ISPs)
Technology
This is some text inside of a div block.
09
-
05
-
2024
Level:
Tactical
|
Source:

Bling Libra Strikes AWS for S3 Data Deletion and Extortion

Bling Libra, a threat group linked to ShinyHunters, has compromised AWS environments through exposed credentials, leading to S3 data deletion and extortion. Using tools like S3 Browser and WinSCP, the group exfiltrates data before deletion. Unit 42 recommends enabling comprehensive AWS logging and monitoring for mismanaged credentials.

Global
This is some text inside of a div block.
09
-
05
-
2024
Level:
Tactical
|
Source:

U.S. Agencies Warn of Iranian Cyber Groups Partnering with Ransomware Affiliates

U.S. agencies, including the FBI and CISA, warn of Iranian cyber actors collaborating with ransomware groups to target critical sectors like defense, finance, healthcare, and education. These groups exploit vulnerabilities in networking devices, deploy webshells, and facilitate ransomware attacks with groups like ALPHV/BlackCat. Mitigation strategies focus on patching systems, hardening defenses, and monitoring for anomalies.

Defense
Education
Financial
Government
Healthcare

Intelligence Levels for Threat Reports

Tactical

Detectable threat behaviors for response with threat scenarios or threat identifiers.

Strategic

General information security news, for awareness.

Whitepapers

No items found.

Trusted by leading teams at

Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
Crypto.com Logo
Rakuten Mobile Logo
St. George's University Logo
St. George's University Logo
St. George's University Logo
St. George's University Logo
St. George's University Logo
St. George's University Logo
St. George's University Logo
St. George's University Logo
Paypal Logo
Sprinklr Logo
SAP Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
Crypto.com Logo
Rakuten Mobile Logo
St. George's University Logo
Navan Logo
ADP Logo
Labcorp Logo
Dyson Logo
siemens Logo

Build Detections You Want,
Where You Want

Build Detections You Want,
Where You Want