Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
TA576's Tax-Season Assault with New SyncAppvPublishingServer Attack Strategy
TA576's recent campaign exploits the tax season to target North American financial organizations with sophisticated phishing lures. Proofpoint researchers Tommy Madjar and Selena Larson highlight the use of compromised accounts and cleverly disguised emails to deploy malware via a Google Firebase URL. This year's innovation lies in bypassing PowerShell detection through SyncAppvPublishingServer.vbs, leading to the deployment of the Parallax RAT.
USB-Driven Threats Orchestrated by UNC4990's Financially-Motivated Campaign
UNC4990, identified as a financially motivated threat group, employs sophisticated tactics involving USB devices to initiate malware infections. Through Mandiant's analysis, the campaign's reliance on legitimate websites like Ars Technica, GitHub, GitLab, and Vimeo for payload hosting emerges as a key evasion strategy. Utilizing encoded LNK files and the EMPTYSPACE downloader, the group targets Italy-based users, complicating detection efforts. The operation's complexity is further demonstrated by the use of QUIETBOARD, a modular backdoor, highlighting the importance of robust removable device policies for organizational defense.
Inside a AWS Incident with Invictus: Analyzing the Attack for Detection Insights
Invictus's detailed investigation into a month-long AWS intrusion reveals the attackers' adeptness in evading detection while exploiting AWS services. Through phases of discovery, exploitation, and evasion, insights into their techniques offer valuable lessons for bolstering cloud security against sophisticated threats.
Trending Threat: Defensive Recommendations for Ivanti VPN Vulnerabilities
Recommendations for the latest Ivanti VPN vulnerabilities which have been actively exploited by bad actors.
Russian Cyber Espionage Hits Microsoft: Leadership Emails Exfiltrated in Breach
Russian group Midnight Blizzard breached Microsoft, starting with a password spray attack on a legacy account. They compromised email accounts of senior leadership, exploiting an absence of MFA and abusing OAuth applications. The attack is part of a broader campaign targeting government and tech sectors in the U.S. and Europe.
BianLian's Evolving Tactics Tracked with Connections to Makop
BianLian ransomware, tracked by Unit 42, targets diverse sectors globally, using compromised credentials and exploiting vulnerabilities like ProxyShell. Their methods align with Makop's, suggesting shared resources. BianLian's shift from double extortion to data extortion tactics indicates a trend towards faster, more direct ransomware strategies.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
