Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
LockBit Ransomware Infrastructure Dismantled in Multi-Country 'Operation Cronos' Effort
'Operation Cronos,' a collaborative effort by law enforcement in ten countries, has significantly disrupted the LockBit ransomware group, leading to the takedown of 34 servers and the arrest of two major actors. This operation, which inflicted billions in damages globally, showcases the international commitment to combating cybercrime. Despite the takedown, LockBit vows to continue operations, hinting at increased targeting of governmental sectors. This unfolding scenario underscores the persistent and evolving threat of ransomware and the importance of global cooperation in cybersecurity efforts.
Critical Vulnerabilities in ScreenConnect Remote Access Software Dubbed 'SlashAndGrab'
ConnectWise's ScreenConnect faces critical vulnerabilities, CVE-2024-1709 and CVE-2024-1708, enabling authentication bypass and path traversal attacks. Labeled 'SlashAndGrab' by cybersecurity experts, these flaws pose severe risks including remote code execution and data compromise. Urgent patching is advised for versions up to 23.9.7, with exploitation leading to LockBit ransomware and AsyncRAT deployment. Detection guidance includes monitoring ScreenConnect directories for suspicious file modifications and leveraging Advanced Auditing policies.
BfV and NIS Issue Joint Advisory on North Korean Cyber Threats to Defense and Research Sectors
Germany's BfV and South Korea's NIS issue a joint advisory on North Korean cyber-espionage targeting defense and research sectors. Highlighting campaigns like a sophisticated supply-chain attack and "Operation Dream Job," the advisory emphasizes the need for robust security measures. Techniques include social engineering and malware deployment, aiming to exfiltrate military technologies. Recommendations include enforcing least privilege, strong passwords, and multi-factor authentication to mitigate these threats.
Key Detection Indicators of Midnight Blizzard's Attack on Microsoft Decoded by Splunk
Splunk researchers unveil the tactics of Midnight Blizzard in their November 2023 Microsoft attack. Highlighting password spray attacks and critical vulnerabilities, the report offers a blueprint for detecting such compromises. Key indicators include high login failures and unusual application configuration changes, emphasizing the need for vigilant monitoring of security systems to thwart these state-sponsored threats.
OpenAI and Microsoft Thwart State-Backed Cyber Threats Exploiting AI
OpenAI and Microsoft have jointly countered attempts by five state-affiliated threat actors, including Charcoal Typhoon and Salmon Typhoon from China, Crimson Sandstorm from Iran, Emerald Sleet from North Korea, and Forest Blizzard from Russia, aiming to exploit AI services for cyber espionage and operational goals. Actions taken include terminating associated accounts and enhancing AI safety through monitoring, collaboration, and the development of safety mitigations. This collaboration highlights the importance of securing AI technologies against sophisticated threats and the commitment to advancing AI security measures.
OWASSRF Exploit Resurfaces with Stealth Data Leak Strategy
In January 2024, Huntress detected exploitation of the OWASRRF exploit, revealing a stealth data leak strategy involving encoded PowerShell commands and the Windows tool, finger.exe. This discovery underscores the risks of outdated software, as demonstrated by an unpatched MSExchange installation, and highlights the importance of proactive cybersecurity measures. The exploit, initially linked to Play ransomware attacks, illustrates the evolving threat landscape and the necessity for timely updates and threat hunting.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
-min.png)
The World's Best SOC Teams Use Anvilogic
.svg)
