Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
11 Months of AsyncRAT: Targeted with Precision and Evasion in Mind
AT&T Alien Lab reports an 11-month campaign focusing on delivering AsyncRAT, marked by precision in target selection and evasion. Threat actors target high-value infrastructure, using obfuscated scripts and domain generation algorithms to evade detection. The campaign utilizes unique domain characteristics and hosting services linked to cryptocurrency, complicating consistent detection and response. Despite the sophisticated nature of the campaign, no specific threat group attribution has been made.
Pikabot Spam Campaign by Black Basta-Aligned Water Curupira
Trend Micro highlights the surge in Pikabot malware, potentially filling the void left by Qakbot's disruption. Linked to Black Basta ransomware and operated by Water Curupira, Pikabot is a sophisticated loader malware used in phishing campaigns for unauthorized access and command execution. The malware deploys multi-stage attacks, employs anti-analysis techniques, and enables further malicious activities, signaling a shift in Water Curupira's tactics from DarkGate and IcedID campaigns.
Turkish Hackers' RE#TURGENCE Campaign Hits MSSQL Servers and Paves a Path to Ransomware
Securonix reveals the RE#TURGENCE campaign, where Turkish hackers target MSSQL servers globally, deploying Mimic ransomware. Using advanced tactics like brute-force and evasion techniques, attackers compromise servers, facilitate lateral movements, and execute ransomware for extortion. Connections to Phobos ransomware highlight the campaign's severity.
X Hacks Unveil a New Wave of Intricate Cryptocurrency Fraud
Mandiant uncovers CLINKSINK, an emerging cyber threat using Drainer-as-a-Service to hijack X accounts and siphon Solana cryptocurrency. The campaign, active since December 2023, involves various actors and has stolen an estimated $900,000. CLINKSINK uses deceptive tactics like fake airdrops, prompting victims to authorize fraudulent transactions.
Dark Web's 'Leaksmas' Unveils Cybercriminals Holiday Data Leak Spree
RSecurity reports a 'Leaksmas' event by cybercriminals during the holidays, resulting in large-scale data breaches worldwide. This included a breach of Movistar in Peru with 22 million records exposed. The leaks, marked 'Free Leaksmas', affected sectors across France, India, Mexico, and more. Groups like SiegedSec and the "Five Families" were notably active, targeting government resources and various companies, underlining the need for robust digital identity safeguards.
APT28's End-of-Year Cyber Onslaught Takes Aim at Ukrainian and Polish Government System
CERT-UA has identified a phishing campaign by APT28 targeting Ukrainian and Polish government systems from December 15-25, 2023. The attack involved phishing emails leading to the MASEPIE malware, which downloaded STEELHOOK and OCEANMAP tools for data theft and command execution. The use of IMPACKET and SMBEXEC facilitated network penetration. The tactics align with APT28's known methods.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
