Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
UNC3944's Shifting Tactics: From Phishing to Ransomware Rampage
Mandiant's latest report uncovers UNC3944's expanding threat landscape. Known aliases include "Scattered Spider" and "0ktapus." Initially recognized for their prowess in social engineering, the group is now launching sophisticated ransomware attacks across diverse sectors like telecommunications, retail, and finance. Their modus operandi often combines smishing with tactics to bypass multi-factor authentication, capitalizing on legitimate software and data theft for extortion purposes. Their evolving tactics indicate an intention to refine and diversify their strategies further.
A Deceptive Attack with a PoC Lure for CVE-2023-40477
Unit42's Robert Falcone has identified a cunning strategy by a threat actor leveraging the allure of a PoC code tied to the CVE-2023-40477 vulnerability in WinRAR. Using a fraudulent PoC script, the actor aims to spread the VenomRAT payload. This campaign seems less directed at researchers but appears opportunistic, targeting those keen on integrating new vulnerabilities into their malicious endeavors.
CISA #StopRansomware Advisory: Snatch Ransomware
CISA and the FBI have spotlighted the escalating threat of Snatch Ransomware, active since 2018 and recently intensifying its attacks across various sectors, particularly in North America. The ransomware has been employing evolved tactics and double extortion, impacting a broad spectrum of institutions and revealing a concerning trend in its activity and concentration.
Storm-0324 An Enabler of Ransomware
Microsoft's latest research unveils the threat actor Storm-0324, active since 2016, now targeting via Microsoft Teams chats. Historically using email-based vectors with deceptive themes, their move signifies an evolution in attack strategy. They've distributed malware like IcedID and ransomware such as Sage. Notably, from 2019, Storm-0324 has primarily spread JSSLoader, which could escalate to a ransomware impact when handed to groups like Sangria Tempest.
A String of CryptoWallet Thefts Point to Cracked LastPass Vaults
Following the 2022 LastPass data breach, investigative journalist Brian Krebs points to an alarming rise in CryptoWallet thefts. Key voices from the industry, such as MetaMask's Taylor Monahan and Unciphered's Nick Bax, echo these concerns. The ongoing situation underscores the vulnerabilities even in renowned security platforms and the increasing sophistication of cyber threats.
BumbleBee Swarms with QakBot's Takedown
Following the QakBot disruption by the FBI, there's been a surge in BumbleBee malware attacks. Kostas, a notable security researcher from the DFIR Report community, has outlined a BumbleBee tactic where the malware uses command line actions to map a network drive to a remote site, transfer user credentials, download a file, and search for 'notepad.exe' files. The method suggests potential file manipulation, highlighting the shifting tactics in the malware landscape post-QakBot's takedown.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
Trusted by leading teams at
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
