Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights.
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• Research Articles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Microsoft Warns of Growing Cyber Risks in Rural Healthcare
Microsoft warns rural U.S. hospitals face escalating cyber threats from ransomware and nation-state actors. Limited resources and outdated tech leave them vulnerable, risking patient care and hospital viability. Microsoft calls for urgent investment, launching a cybersecurity program and urging government support to protect critical healthcare infrastructure.
Lotus Blossom Uses Sagerunex for Long-Term Access
Cisco Talos links Lotus Blossom to long-running cyber espionage using the Sagerunex backdoor. Active since 2016, Sagerunex variants integrate with Dropbox, Twitter, and Zimbra for covert C2. Targeting governments and telecoms in Asia, the threat actor focuses on stealth, persistence, and data exfiltration via cloud-based infrastructure.
Black Basta Operators Suspected of Pivoting to Cactus Ransomware Following Leaked Chats
Trend Micro reports a shift from Black Basta to Cactus ransomware, citing leaked chats and shared TTPs, malware, and infrastructure. Social engineering via Microsoft Teams and Quick Assist is central to both groups. The suspected pivot raises concerns for sectors already hit by Black Basta, including manufacturing and finance.
Microsoft Identifies Cybercrime Gang Exploiting AI for Illicit Content Generation
Microsoft exposed cybercrime group Storm-2139 for abusing AI to create illicit content and bypass safeguards. Members from Iran, UK, Hong Kong, and Vietnam were named in legal action. The gang resold unauthorized access to AI tools. Microsoft seized infrastructure, disrupted operations, and is pursuing law enforcement referrals globally.
OpenAI Continues to Disrupt Cyber Threat Actors Exploiting AI for Influence Operations and Cybercrime
OpenAI disrupted multiple threat actors exploiting AI for cybercrime, disinformation, and surveillance. Activity spanned North Korean fraud schemes, Chinese propaganda, Iranian influence ops, and romance scams. OpenAI banned accounts tied to groups like APT38 and STORM-2035, and continues to collaborate with industry peers to prevent AI misuse globally.
Patched Check Point Vulnerability CVE-2024-24919 Exploited to Deploy ShadowPad Malware and Ransomware
CVE-2024-24919, patched in May 2024, is being exploited to steal VPN credentials, enabling ShadowPad and ransomware deployment. Targeting manufacturing and healthcare sectors, attackers gain access via VPNs, move laterally using RDP and SMB, and use DLL sideloading for persistence. Organizations are urged to patch and monitor activity.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.