Anvilogic Forge Threat Research Reports

Here you can find an accumulation of trending threats published weekly by the Anvilogic team.

We curate threat intelligence to provide situational awareness and actionable insights.

Threat Identifier Detections

Atomic detections that serve as the foundation of our detection framework.

Threat Scenario Detections

Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.

Reports Hot Off the Forge

Threat News Reports
Trending Threat Reports
Research Articles

Forge Threat Report

Forge Report: First Half Threat Trends of 2024

Anvilogic Forge's latest report offers essential insights into key threat trends and adversarial tactics observed in the first half of 2024. From the pervasive use of PowerShell and remote access tools to sophisticated social engineering and attacks on the healthcare sector, this comprehensive analysis provides actionable intelligence and detection rules to bolster your defenses. Explore our key findings and access ready-to-deploy detection content to enhance your security posture.

All Threat Reports

12-14-2022 | Level: Tactical
DEV-0139 Tailors Attack Against Cryptocurrency Organizations

Microsoft reports DEV-0139 targeting cryptocurrency organizations via Telegram, using weaponized Office documents to deliver malicious payloads. Posing as legitimate representatives, they gain trust before launching attacks. Techniques include DLL sideloading and backdoor deployment, similar to the Lazarus group's AppleJeus malware.

Finance
12-14-2022 | Level: Tactical

Cloud Attacks in AWS and GCP from Compromised Credentials

Palo Alto Unit 42 reports compromised credentials causing security breaches in AWS and GCP. Threat actors launch phishing and cryptomining attacks, quickly exploiting cloud environments. Key actions include enumerating environments, tampering with IAM configurations, and deploying new cloud instances, underscoring the importance of robust cloud security and monitoring.

Global
12-06-2022 | Level: Strategic

High Demand for Signal App Exploits

Russian company OpZero offers $1.5 million for Signal app RCE exploits, tripling Zerodium's offer. The company's high offer and connections to Russian private and government organizations raise concerns about espionage efforts, particularly targeting Ukraine. OpZero's recent online presence adds to the intrigue.

Technology
12-06-2022 | Level: Strategic

CryWiper Disguises as Ransomware Attacks Russian Organizations

Kaspersky uncovers CryWiper, data-destruction malware disguised as ransomware, targeting Russian organizations. CryWiper irreversibly destroys files by overwriting their contents with pseudo-random data, deletes shadow copies, and disables RDP connections. Despite its ransom demands, file recovery is impossible, as the malware's aim is to permanently destroy data.

Critical Infrastructure
12-06-2022 | Level: Strategic

Killnet's DDoS Streak

Pro-Russian threat group Killnet continues its DDoS attacks, targeting Starlink, the White House, and UK government websites. Verified by Trustwave, these attacks have disrupted critical services. Killnet plans further attacks against UK industries in finance, military, and healthcare.

Critical Infrastructure
Government
Telecommunication
12-06-2022 | Level: Tactical

Threat Actors Abuse RDP

Cyble researchers highlight the dangers of exposed RDP ports, which threat actors frequently exploit to compromise networks. Over the last three months, more than 4.7 million exploitation attempts were tracked, with attacks originating from countries including the US, South Korea, and India. Ransomware groups such as Daixin Team and MedusaLocker are active in this space.

Global

Intelligence Levels for Threat Reports

Tactical

Detectable threat behaviors that can be responded to with threat scenarios or threat identifiers.

Strategic

General information security news, for awareness.

