Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
CISA Advises Switching to Signal for Secure Mobile Communication
CISA advises using Signal for secure communication amid cyber espionage by Salt Typhoon, linked to Chinese operations. Highly targeted individuals, including senior officials, should adopt encrypted messaging, enable phishing-resistant MFA, and update devices to modernize security. Measures include Lockdown Mode on iPhones and Private DNS for Android users.
Critical Apache Struts Vulnerability CVE-2024-53677 Exploited in Active Attacks
Apache Struts CVE-2024-53677, a critical RCE vulnerability in file upload handling, is exploited in active attacks. Affected Struts versions require upgrading to 6.4.0+ and implementing the new Action File Upload mechanism. Security agencies globally urge immediate action as attackers leverage PoC code for system enumeration and malicious uploads.
Months-Long Cyber Espionage Operation Hits Key Industries in Southeast Asia
A cyber espionage campaign has targeted critical industries in Southeast Asia, including aviation, government, media, and telecommunications, since October 2023. Leveraging LOLBins and remote access tools, attackers exfiltrated sensitive data and maintained stealth. Though tactics align with Chinese APT groups, specific attribution remains inconclusive.
U.S. Treasury Sanctions Sichuan Silence for Firewall Exploits and Ransomware Attacks
The U.S. Treasury sanctioned Sichuan Silence and Guan Tianfeng for exploiting a Sophos firewall zero-day vulnerability to deploy the Asnarök Trojan and attempt Ragnarok ransomware attacks. The campaign compromised over 81,000 firewalls globally, including critical U.S. infrastructure, prompting asset freezes and an indictment for Guan's cybersecurity activities.
Secret Blizzard Leverages Rival Infrastructure to Target Ukrainian Military in Espionage Campaign
Microsoft identifies Russian group Secret Blizzard exploiting rival malware infrastructure to target Ukrainian military systems, focusing on devices using Starlink internet. The group deploys KazuarV2 backdoors, uses DLL sideloading for stealth, and conducts extensive system reconnaissance, highlighting their advanced capabilities and prioritization of Ukrainian military intelligence.
Four-Month Espionage Campaign Hits U.S. Organization, Compromising Five Workstations
Symantec uncovered a four-month espionage campaign targeting a U.S. organization, attributed to China-based actors. The attackers compromised five workstations, employing WMI, DLL sideloading, and credential dumping. Advanced techniques enabled lateral movement, email theft, and evasion, underscoring the persistence and sophistication of the threat.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
