Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Lumma Stealer Returns with Active Campaigns Despite Disruption
Lumma Stealer has resurfaced just weeks after its May 2025 takedown, according to Trend Micro. Operators swiftly rebuilt infrastructure and now use stealthier delivery methods including GitHub abuse, fake keygens, and social engineering via ClickFix campaigns. The return highlights Lumma's resilience and adaptability in the evolving malware landscape.
Timely Action the Deciding Factor in Chaos and Medusa Ransomware Outcomes from Talos' IR Engagement
Cisco Talos analyzed two ransomware incidents involving Chaos and Medusa groups. Despite similar attacker techniques and tools, the speed of incident response was the key differentiator—early containment stopped Chaos, while delays led to full Medusa encryption. Talos emphasizes timely action as crucial in ransomware defense and recovery.
#StopRansomware Outlines Defensive Tactics Against Interlock
CISA, FBI, and other agencies released a joint advisory on Interlock ransomware, active since 2024. The group uses FileFix and ClickFix vectors, double extortion, and multiple RATs. Operating globally, Interlock targets both Linux and Windows systems. Agencies recommend defensive tactics to mitigate risk and reduce potential impact.
Europol-Led Operation Eastwood Disrupts NoName057(16) DDoS Infrastructure
Operation Eastwood, led by Europol and Eurojust, disrupted the pro-Russian DDoS group NoName057(16), seizing over 100 servers and arresting multiple suspects across Europe. The takedown follows widespread attacks on Ukraine and NATO nations, marking a significant international step against ideologically driven cyber threats.
Salt Typhoon Breach Exposes U.S. Army National Guard Networks in 9-Month Espionage Campaign
Chinese state-backed actor Salt Typhoon infiltrated U.S. Army National Guard networks for nine months in 2024, stealing credentials, network diagrams, and PII. The breach, confirmed by DHS in 2025, highlights systemic cyber exposure and risks of follow-on attacks across military and civilian infrastructure.
Mass Exploitation of Microsoft SharePoint Zero-Days
Microsoft confirms active exploitation of CVE-2025-53770 and CVE-2025-53771 in SharePoint Server. Attackers achieve unauthenticated remote code execution by exploiting deserialization and path traversal flaws. Emergency patches are available for most versions. Organizations must patch immediately, rotate keys, and review IIS logs for signs of compromise such as "spinstall0.aspx."
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
