Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
iVerify Uncovers Pegasus Spyware on Private Sector Devices, Expanding Surveillance Concerns
iVerify has uncovered Pegasus spyware on private sector devices, affecting executives in finance, real estate, and logistics. The findings reveal long-term surveillance dating back to 2021, with infections across Europe and the Middle East. This expands concerns beyond political targets, highlighting risks of corporate espionage and advanced mobile surveillance threats.
Russian Threat Actors Exploit Signal’s Linked Devices Feature for Espionage
Russian state-aligned hackers are exploiting Signal Messenger’s "Linked Devices" feature to gain persistent access to secure communications. GTIG reports phishing campaigns tricking victims into linking Signal accounts to attacker-controlled devices. Groups like Sandworm also extract Signal messages from compromised systems. Users should review linked devices and follow Signal’s latest security updates.
NailaoLocker Ransomware Targets European Healthcare Sector, Linked to Chinese Intrusion Sets
NailaoLocker ransomware has been attacking European healthcare entities, with signs of Chinese state-affiliated involvement. Threat actors exploit a Check Point zero-day and use espionage tools like ShadowPad. The ransomware lacks advanced features but follows a prolonged dwell time strategy. Security experts warn of its evolving capabilities and potential state-sponsored ties.
CISA's #StopRansomware Advisory Warns of Ghost Ransomware Attacks in Over 70 Countries
CISA’s #StopRansomware advisory warns of the Ghost ransomware group, active in over 70 countries. Ghost actors exploit outdated vulnerabilities to gain access, deploy Cobalt Strike, and execute ransomware within hours. Their attacks target critical infrastructure, education, healthcare, and more. While they focus on encryption over data theft, strong security measures can deter them.
Insights from Google Threat Intelligence Highlights The Expanding Threat of Cybercrime
Google Threat Intelligence warns that cybercrime now outpaces state-sponsored hacking, driving ransomware, BEC scams, and national security threats. Attacks on healthcare have doubled, and financially motivated groups increasingly collaborate with nation-states. The report urges global cooperation to combat cybercriminal networks fueling espionage, data theft, and economic disruption.
NetSupport RAT Campaign Expands with ClickFix Technique
A malware campaign using fake CAPTCHA pages continues into 2025, now leveraging the ClickFix technique to trick users into executing NetSupport RAT. eSentire reports attackers using mshta.exe and PowerShell for stealthy infections, reinforcing the campaign’s persistence. NetSupport RAT enables remote control, data theft, and further malware deployment.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
-min.png)
The World's Best SOC Teams Use Anvilogic
.svg)
