Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team. We curate threat intelligence to provide situational awareness and actionable insights.
Atomic detections serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilize the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• Research Articles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Russian APT Gamaredon, A Critical Player Against Ukraine
Palo Alto Unit42 details Gamaredon's significant role in the Russia-Ukraine conflict, targeting Ukraine with sophisticated cyber campaigns. Using fast-flux DNS, Telegram for C2 lookups, and phishing with LOLBins, Gamaredon continually evolves its tactics, proving to be a persistent threat.
The Potency And Proficiency of Royal Ransomware
Cybereason explores the Royal ransomware group's sophisticated techniques and potential ties to the disbanded Conti gang. Emerging in mid-2022, Royal employs novel partial encryption and multi-threading methods, making it a formidable threat. The group targets various industries, predominantly in the United States.
Uber Experiences Another Cyber Incident
BleepingComputer reports Uber's second cyber incident in three months, with threat actor 'UberLeaks' exposing corporate and IT information on a breach forum. Uber attributes the breach to a third-party vendor, stating it is unrelated to the September 2022 breach. No customer data is believed to be compromised.
Divergences in APT42 Targets Signal New Intelligence Requirements from Iran
Proofpoint notes a shift in APT42's targets and tactics, now including medical researchers, aerospace engineers, and travel agencies, suggesting new intelligence needs from Iran's IRGC. The group, known for credential harvesting, now uses more aggressive phishing and malware, indicating possible collaboration with other Iranian state branches.
Cloud Atlas Attacks Russian-Aligned Entities
Check Point researchers reveal Cloud Atlas's cyber-espionage activities targeting Russian and Belarusian entities amid the Russia-Ukraine conflict. Utilizing phishing emails, PowerShell backdoors, and exploiting vulnerabilities such as those in Microsoft Equation Editor, Cloud Atlas's TTPs have remained consistent. Recent focus areas include the Crimean Peninsula and breakaway regions of Ukraine.
Analyzing Operation LiberalFace, An Attack Against Japanese Politicians
ESET researchers expose Operation LiberalFace, a spearphishing campaign by the Chinese threat group MirrorFace. Targeting Japanese politicians ahead of the July 2022 election, the campaign used phishing emails to deploy LODEINFO malware and MirrorStealer credential stealer. The malware captures screenshots, keylogs, and exfiltrates credentials from web browsers and email clients.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors that can be acted on through threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.