Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Intelligence Update to the Continuation of Operation Crimson Palace with New TTPs in Targeted Intrusions
Sophos' latest intelligence update on Operation Crimson Palace uncovers new tactics, techniques, and procedures (TTPs) used by threat clusters targeting Southeast Asian government entities. The report highlights DLL sideloading, C2 infrastructure revamping, and living-off-the-land techniques. It emphasizes the ongoing nature of these threats and the need for robust detection strategies.
Rundll32 with Suspicious Command Line
The Anvilogic Forge has identified multiple occurrences of Andromeda-like malware (aka. b66 and Gamarue) across various customer environments. Andromeda malware is known for its modular nature, used as a downloader and facilitating further malicious activities such as keylogging, credential theft, and additional payload downloads. Andromeda often propagates using USB drives.
FBI Warns of North Korean Cyberattacks on Cryptocurrency Firms
The FBI warns of North Korean cyberattacks on cryptocurrency firms, using social engineering to implant malware and steal funds. These actors exploit professional networks, impersonate known contacts, and create fake scenarios. The FBI advises verifying identities and strengthening network security to counter these sophisticated threats.
FTC Alerts a Surge in Bitcoin ATM Scams Citing Record Highs in Loses
The FTC warns of a surge in Bitcoin ATM scams, with over $110 million lost in 2023. Scammers use fake security alerts and impersonation tactics to manipulate victims into depositing funds into their cryptocurrency wallets. The FTC advises caution, urging individuals to verify contacts and avoid hasty financial actions.
APT33's Range of Attacks from Password Spraying to Proficiency in Azure
Iranian threat actor APT33, active from April to July 2024, targets aerospace, defense, and other sectors using password spraying, custom malware, and Azure misuse. The group aims for intelligence gathering through advanced tactics. Microsoft advises countermeasures like multifactor authentication to combat APT33's evolving cyber threats.
RansomHub's Extensive Reach in Threatening Critical Infrastructure with 210 Victims and Counting
Since February 2024, RansomHub has targeted 210 critical infrastructure organizations across various sectors. Utilizing affiliates from other ransomware groups, the gang employs phishing, vulnerability exploitation, and double extortion tactics. Affected sectors include healthcare, government, and transportation. Security agencies urge organizations to follow mitigation steps to defend against this expanding threat.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
-min.png)
The World's Best SOC Teams Use Anvilogic
.svg)
