Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights.
Threat Identifiers: Atomic detections that serve as the foundation of our detection framework.
Threat Scenarios: Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• Research Articles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Phishing Reigns Supreme: Rockwell Automation Unveils Key Tactics in Industrial Cyberattacks
Rockwell Automation's groundbreaking study with Cyentia Institute delves deep into the industrial sector's cyber vulnerabilities. Analyzing 122 cybersecurity events, the report uncovers a concerning trend: over 60% of attacks are state-affiliated, with internal personnel unintentionally aiding in a third of these incidents. The energy sector emerges as the most targeted, and phishing dominates as the preferred attack method.
Lazarus Strikes Again: Fifth Major Crypto Attack Targets CoinEx in 2023
In a growing series of crypto attacks in 2023, the North Korean Lazarus Group is suspected of orchestrating a breach on CoinEx. Elliptic's research uncovers parallels between this and Lazarus' previous thefts, marking a strategic shift in the group's focus from decentralized to centralized crypto services. This surge in Lazarus' attacks, coupled with their evolving tactics, amplifies concerns in the financial industry about the security of centralized exchanges.
UNC3944's Shifting Tactics: From Phishing to Ransomware Rampage
Mandiant's latest report uncovers UNC3944's expanding threat landscape. Known aliases include "Scattered Spider" and "0ktapus." Initially recognized for their prowess in social engineering, the group is now launching sophisticated ransomware attacks across diverse sectors like telecommunications, retail, and finance. Their modus operandi often combines smishing with tactics to bypass multi-factor authentication, capitalizing on legitimate software and data theft for extortion purposes. Their evolving tactics indicate an intention to refine and diversify their strategies further.
A Deceptive Attack with a PoC Lure for CVE-2023-40477
Unit42's Robert Falcone has identified a cunning strategy by a threat actor leveraging the allure of PoC code tied to the CVE-2023-40477 vulnerability in WinRAR. Using a fraudulent PoC script, the actor aims to spread the VenomRAT payload. This campaign seems less directed at researchers than opportunistic, targeting those keen on integrating new vulnerabilities into their malicious endeavors.
CISA #StopRansomware Advisory: Snatch Ransomware
CISA and the FBI have spotlighted the escalating threat of Snatch Ransomware, active since 2018 and recently intensifying its attacks across various sectors, particularly in North America. The ransomware has been employing evolved tactics and double extortion, impacting a broad spectrum of institutions and revealing a concerning trend in its activity and concentration.
Storm-0324: An Enabler of Ransomware
Microsoft's latest research unveils the threat actor Storm-0324, active since 2016, now delivering its lures via Microsoft Teams chats. Historically using email-based vectors with deceptive themes, this move signifies an evolution in attack strategy. They've distributed malware like IcedID and ransomware such as Sage. Notably, since 2019, Storm-0324 has primarily spread JSSLoader, which can escalate to a ransomware impact when access is handed to groups like Sangria Tempest.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.