Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
APT28's End-of-Year Cyber Onslaught Takes Aim at Ukrainian and Polish Government System
CERT-UA has identified a phishing campaign by APT28 targeting Ukrainian and Polish government systems from December 15-25, 2023. The attack involved phishing emails leading to the MASEPIE malware, which downloaded STEELHOOK and OCEANMAP tools for data theft and command execution. The use of IMPACKET and SMBEXEC facilitated network penetration. The tactics align with APT28's known methods.
New PyPI Packages Deploying Cryptominers Discovered
Fortinet researcher Gabby Xiong identified three PyPI packages deploying cryptominers against Linux systems. Authored by "sastra," these packages—'modularseven-1.0,' 'driftme-1.0,' and 'catme-1.0'—conceal their malicious code and show links to the "Culturestreak" cryptomining malware. The attack employs advanced evasion methods, including hosting payloads on remote URLs and manipulating ~/.bashrc files for persistence.
Uptycs Reveals Hidden Data Channel in Ukrainian Targeted Campaign
Uptycs researchers exposed a cyber-espionage campaign by UAC-0050 targeting Ukraine. The group deployed RemcosRAT, employing Windows pipes for covert data movement, undetectable by EDR and antivirus systems. The campaign, likely initiated via phishing, aimed at Ukrainian military personnel and showcased advanced stealth techniques for intelligence-gathering.
Threat Group "Cyber Toufan" Emerges with Capabilities Beyond Typical Hacktivist Collectives
Cyber Toufan, tracked by Kevin Beaumont, shows unusual capabilities for a hacktivist group. With focused attacks on organizations including Israeli state entities, they've caused substantial damage, erasing data and disrupting operations. Using tools like Tor and shred, Cyber Toufan's operations are a warning of evolving cyber threats.
UAC-0099's Persistent Cyber Campaigns Target Ukrainians Abroad
UAC-0099, active since mid-2022, specifically targets Ukrainians abroad. Employing PowerShell and VBScript, they use deceptive emails and exploit WinRAR vulnerabilities (CVE-2023-38831). Their methods include LNK files, HTA applications, and ZIP files, all disguised as court summons, indicating a targeted, consistent approach in their cyber campaigns.
AsyncRAT Campaign Exploits Microsoft Processes
Trend Micro's Managed XDR team exposes a sophisticated AsyncRAT campaign exploiting Microsoft's aspnet_compiler.exe. The malware, known for keylogging and remote control, uses intricate scripts for evasion and persistence. Monitoring for unusual activities and process injections is vital to detect and defend against these evolving cyber threats.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
-min.png)
The World's Best SOC Teams Use Anvilogic
.svg)
