Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Ransomware Actors Use Consistent Playbooks to Cripple Defenses and Delete Backups
Huntress analyzed a ransomware intrusion where attackers reused a known playbook to disable Microsoft Defender, delete backups, and tamper with system protections. The attack, halted before encryption, showed iterative refinement of tools and techniques. It highlights the need for defenders to monitor PowerShell misuse and Defender configuration changes.
Bumblebee Malware Resurfaces in Campaigns to Deploy Akira Ransomware
Bumblebee malware has resurfaced in recent attacks that use SEO poisoning and fake software installers to deliver Akira ransomware. Intrusions progress rapidly from initial infection to domain compromise, with attackers returning days later to reinfect networks via RustDesk. The DFIR Report highlights evolving tactics and detection opportunities.
Transparent Tribe Targets Indian Sectors with New BOSS Linux Espionage Campaign
APT36 (Transparent Tribe) is targeting BOSS Linux systems in Indian government, defense, and critical infrastructure sectors. The group uses phishing emails to deliver ELF malware, “client.elf,” for espionage and data theft. Cyfirma highlights the campaign's stealthy use of PowerPoint decoys and persistent access mechanisms over TCP port 12520.
CISA Finds Cyber Hygiene Gaps in U.S. Infrastructure Network
A joint CISA and USCG assessment uncovered serious cyber hygiene flaws in a U.S. critical infrastructure organization. Issues included plaintext admin credentials, weak IT-OT segmentation, outdated protocols, and missing logs. While no active threats were found, CISA warns these gaps could enable adversaries to move laterally and persist undetected.
Russian State Actor Deploys ApolloShadow in Embassy Espionage Campaign
Microsoft reports Russian APT Secret Blizzard is targeting embassies in Moscow using ApolloShadow malware and adversary-in-the-middle tactics. By abusing likely ISP-level access and rogue certificates, the group intercepts secure traffic and establishes persistent access. The campaign shows how advanced AiTM threats can compromise diplomatic networks and evade traditional detection.
CISA, FBI, and Allies Release July 2025 Update on Scattered Spider’s Attack Threat Arsenal
CISA, FBI, and international partners released an updated threat profile of Scattered Spider, detailing advanced social engineering tactics, abuse of remote access tools, and data theft across cloud and hybrid environments. The report urges stronger MFA, monitoring, and segmentation to counter this persistent and opportunistic threat actor.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
