Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Commando Cat's Evasive Maneuvers
Cado Security identified 'Commando Cat', a cryptojacking campaign exploiting Docker environments. This multi-stage attack leverages sophisticated evasion techniques, exploiting exposed Docker API endpoints to deploy payloads, including cryptocurrency miners. It underscores the critical need for enhanced security measures in cloud environments to thwart such advanced threats.
An Emphasis on the Value of Your Credentials
Cisco Talos's 2023 report, presented by Hazel Burton, highlights a significant shift towards the exploitation of valid accounts by cybercriminals, making it the second-most common attack technique. With 26% of incident response engagements involving the use of valid accounts, the dark web has become a marketplace for these stolen credentials, especially those granting access to critical resources. This shift is attributed to the changing nature of work practices, with a focus on remote access and cloud solutions. Talos stresses the importance of multi-factor authentication (MFA) and robust authentication measures as essential defenses against these types of attacks. The report calls for a comprehensive security strategy, including access restriction, MFA, routine auditing, and a zero-trust architecture to mitigate the risks associated with compromised credentials.
Excel Document Used as Entry Point for Info-Stealer
In January 2024, Fortinet's Pei Han Liao reported a sophisticated malware campaign by a Vietnamese threat actor using an Excel document as the entry point. The attack chain begins with a VBA script in the Excel file, triggering a PowerShell command to download additional malicious scripts, culminating in a Python-based info-stealer. This malware harvests cookies and login data from browsers, packaging them for exfiltration to the attacker's telegram bot. The use of GitLab repositories for hosting malware complicates detection, revealing the actor's evolving capabilities and broader involvement in the cyber threat landscape since August 2023.
A Two-Decade Threat Evolution of Russian APT Group, APT28
Trend Micro's analysis reveals the two-decade evolution of APT28, a Russian APT group known for its cyber espionage across various sectors worldwide. Initially employing brute-force tactics, APT28 has sophisticatedly adapted, leveraging critical vulnerabilities and covert methodologies for espionage. Recent campaigns show advanced phishing and malware distribution tactics, targeting government, defense, and private sectors. Despite a reputation for aggressive campaigns, APT28's subtle initial intrusions and complex post-exploitation strategies underline their adaptability and continued threat to global cybersecurity.
Security Agencies Heighten Concerns Over Volt Typhoon's Cyber Operations
The joint advisory by CISA, NSA, FBI, and partners raises alarms over Volt Typhoon's cyber-espionage, linked to Chinese interests. Targeting critical infrastructure, they utilize sophisticated techniques for long-term access, pre-positioning for potential disruptive actions. Recommendations focus on detecting living-off-the-land techniques and enhancing defenses against these state-sponsored cyber threats.
Vital Warning Issued by the FBI and CISA to Secure Against China's Escalating Cyber Threats
The FBI and CISA have released an urgent warning regarding the growing cyber threats from Chinese government-sponsored activities, targeting critical U.S. infrastructure sectors like energy, water, and transportation. FBI Director Christopher A. Wray emphasizes the need for heightened vigilance against these threats, highlighting recent efforts to disrupt the Volt Typhoon hacking group's malware attacks on Wi-Fi routers.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
