Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Varied Attack Chains from Earth Estries Uncover New Espionage Tactics
Trend Micro unveils Earth Estries' cyberattacks, highlighting two advanced attack chains. The group exploits vulnerabilities, uses backdoor malware like Crowdoor and Snappybee, and employs tools for data exfiltration. Linked to Salt Typhoon, Earth Estries adapts its tactics to persist and collect sensitive information, targeting global government, telecom, and technology sectors.
UAC-0194’s Exploitation of CVE-2024-43451 in Ukraine for Phishing
ClearSky links UAC-0194 to phishing attacks exploiting CVE-2024-43451, targeting Ukrainian government, education, and research sectors. Using malicious URL files, attackers capture NTLM hashes and deploy SparkRAT malware for persistence. CERT-UA urges immediate application of Microsoft’s November 2024 patch to mitigate this critical vulnerability in Windows systems.
Joint FBI-CISA Advisory Informs Chinese Espionage on U.S. Telecom Firms
The FBI and CISA confirm PRC-linked cyber actors breached U.S. telecom firms, including AT&T and Verizon, enabling data theft and espionage targeting government and political communications. Hackers accessed court-authorized wiretap systems and call records. Agencies advise organizations to contact authorities for support amid ongoing investigations into these national security breaches.
Ransomware Alliances Amplify Threat of Skilled Social Engineering Actors Scattered Spider
ReliaQuest’s investigation reveals a ten-hour breach at a manufacturing organization, where threat actor Scattered Spider exploited help desk processes to reset critical accounts and gain privileged access. In collaboration with the RansomHub ransomware group, they bypassed MFA, exfiltrated sensitive data, and encrypted systems, exposing severe security gaps in response protocols.
EDR Bypass Tool Exploited in Extortion Scheme
Unit 42’s analysis reveals how threat actors used the EDR bypass tool "disabler.exe" in a complex extortion attack, gaining network access via the Atera tool and evading defenses through advanced tactics. With tactics overlapping Conti’s playbook, the attack exemplifies growing cybercrime sophistication and the rise of AV/EDR evasion tools on forums.
INTERPOL’s Operation Synergia II Targets Phishing, Ransomware, and Info-Stealers Across 95 Nations
INTERPOL’s Operation Synergia II took down global cybercrime networks from April to August 2024, targeting phishing, ransomware, and info-stealers across 95 nations. The operation, with assistance from major cybersecurity firms, led to 41 arrests and the seizure of 59 servers, showcasing a robust global alliance against cyber threats.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
-min.png)
The World's Best SOC Teams Use Anvilogic
.svg)
