Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
'Bad Likert Judge' Exposes Gaps in AI Content Moderation and Safety
Unit 42’s "Bad Likert Judge" jailbreak exploits LLM safety mechanisms using Likert scale scoring, enabling harmful content generation. Tested across major AI models, the technique increases attack success rates by over 60%. Researchers stress the importance of content filters but highlight their limitations in combating determined adversaries.
Chinese State Hackers Breach OFAC in Targeted Treasury Department Cyberattack
Chinese state-sponsored hackers breached the U.S. Treasury's OFAC, exploiting a compromised BeyondTrust API key. The attack accessed unclassified data, aligning with Beijing’s strategic interests. CISA confirmed no broader federal agency impact. The Treasury calls the breach a "major cybersecurity incident" with serious national security implications.
EC2 Grouper Targets AWS Environments with Undetermined Attack Objective
The EC2 Grouper threat group targets AWS environments, exploiting exposed keys in public repositories and executing automated API calls for reconnaissance and configuration changes. Fortinet highlights vulnerabilities in cloud security practices and urges stricter monitoring to prevent exploitation by this attacker. The group's ultimate objectives remain unknown.
Salt Typhoon Breach Expands With Ninth Telecom Firm Compromised
Salt Typhoon, a Chinese state-sponsored hacking group, compromised its ninth telecom firm in a massive espionage campaign targeting U.S. critical infrastructure. Broad network access exposed millions to geolocation tracking and call interception. Experts urge tighter collaboration and compliance to mitigate risks in what is described as the largest U.S. telecom hack to date.
APT29 Executes Large-Scale RDP Attack Campaign Focused on Espionage and Data Theft
APT29 (Earth Koshchei) launched a massive RDP campaign targeting defense, government, and technology sectors. Spear-phishing emails delivered rogue RDP files, connecting victims to attacker-controlled servers. The group used MITM tools like PyRDP to intercept sessions, exfiltrate sensitive data, and evade detection, marking a sophisticated espionage effort.
Surge in Black Basta Ransomware And DarkGate Activity with Strategic Social Engineering Approach
Black Basta ransomware and DarkGate malware campaigns are rising, leveraging phishing and impersonation to deploy RMM tools for credential harvesting. Reports from Rapid7 and Trend Micro reveal evolving tactics, including custom packers, defense evasion, and persistence through registry modifications, culminating in ransomware deployment to encrypt data and disrupt operations.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
-min.png)
The World's Best SOC Teams Use Anvilogic
.svg)
