Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights.
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• Research Articles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Bluebottle Threat Actor Strikes Banks in French-speaking Countries
Symantec reports Bluebottle targeting banks in French-speaking African countries, employing TTPs similar to OPERA1ER. Using tools like Cobalt Strike and GuLoader, and disabling security products with signed Windows drivers, Bluebottle has impacted three financial institutions from May to September 2022, persisting on networks for extended periods.
Rackspace Confirms Data Impact from Play Ransomware Attack
Rackspace's investigation confirms the Play ransomware gang used the OWASSRF exploit chain, which targets CVE-2022-41080 and CVE-2022-41082, to access email data of 27 Hosted Exchange customers. Rackspace states it has found no evidence of misuse of the data and continues data recovery efforts while migrating affected customers to Microsoft 365.
Vice Society Launches Custom 'PolyVice' Encryptor
Vice Society deploys its custom 'PolyVice' encryptor in ransomware attacks, identified by SentinelOne. Using advanced encryption algorithms and multi-threading for speed, 'PolyVice' appends ".ViceSociety" to encrypted files and drops a ransom note. The group, targeting all sectors, focuses on under-resourced industries such as education and healthcare.
Conti Source Code Breeds New Ransomware Strains
Cyble identifies new ransomware strains—BlueSky, Meow, Putin Team, and ScareCrow—derived from leaked Conti source code. These strains have unique file extensions and use various communication methods. The ease of using leaked source code indicates a potential rise in custom ransomware operations with minimal investment.
FIN7's Growth and Evolution
PRODAFT's analysis of FIN7 reveals the cybercrime group's collaboration with ransomware gangs like LockBit and REvil. Targeting high-value companies globally, FIN7 focuses on financial gains through extortion and data monetization. Their organized structure includes management, developers, pentesters, and affiliates, enabling sophisticated and coordinated attacks.
Troubles in the Cloud with AWS Elastic IP Transfer Feature
Mitiga researchers warn of security risks associated with AWS's new Elastic IP transfer feature, which allows Elastic IPs to be moved between AWS accounts. Attackers with compromised IAM rights could abuse this feature to disassociate and transfer EIPs, causing denial of service and enabling tampering with DNS records that still point at the transferred addresses.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.