Emulating the Highly Sophisticated North Korean Adversary Lazarus Group
AttackIQ has released a bundle of content consisting of six new attack graphs that seek to emulate the campaigns and operations led by the infamous North Korean-sponsored adversary Lazarus Group against entities worldwide across multiple sectors.
Emulating the Politically Motivated North Korean Adversary Andariel
AttackIQ has released a bundle of content that includes three new attack graphs that seek to emulate different cyberspace operations led by the North Korean-sponsored threat actor Andariel against multiple entities located in Asia, predominantly in South Korea, through the use of downloaders, backdoors, and custom ransomware.
Attack Graph Response to APT36 Targeted Attacks Against Indian Governmental Organizations
AttackIQ has released a new attack graph that seeks to emulate the activity carried out by the politically motivated Pakistan-based adversary known as APT36 or Transparent Tribe. This newly released attack graph emulates the behaviors observed in attacks against victims working in Indian government organizations.
Emulating the Financially Motivated North Korean Adversary BlueNoroff
AttackIQ has released a bundle of content including four new attack graphs that seek to emulate two types of attacks conducted by the North Korean adversary BlueNoroff. The newly released graphs emulate the behaviors used in the attacks against the Society for Worldwide Interbank Financial Telecommunication (SWIFT) software and organizations involved in cryptocurrency.
Attack Graph Response to US-CERT Alert (AA22-335A): #StopRansomware: Cuba Ransomware
AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) associated with attacks involving Cuba ransomware. This release is a follow-up to an FBI FLASH alert published in December 2021 that first detailed the initial attacks against 49 entities in critical infrastructure sectors. The Cuba ransomware actors have since doubled the number of U.S. victims and compromised over 100 entities worldwide.
Attack Graph Response to US-CERT Alert (AA22-320A): Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) observed in an attack by Iranian-sponsored adversaries against a Federal Civilian Executive Branch (FCEB) organization in the U.S.
Emulating the Sophisticated Russian Adversary APT28
AttackIQ has released a content bundle including two new attack graphs covering two historical APT28 campaigns involving their SkinnyBoy and Zebrocy malware families and standalone scenarios emulating command-and-control traffic to test boundary controls.
Attack Graph Response to US-CERT Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Ransom Operations
AttackIQ has released a new attack graph emulating the techniques used by Iranian actors to compromise and encrypt systems — without the need for malware — to help customers defend against threats that try to operate while living solely off the land.
Attack Graph Response to US-CERT Alert (AA22-249A): #StopRansomware Vice Society
AttackIQ has released a new attack graph emulating a Vice Society attack to help customers validate their security controls and their ability to defend against this threat actor and others who utilize similar behaviors.
OilRig Attack Graphs: Emulating the Iranian Threat Actor’s Global Campaigns
AttackIQ has released two new attack graphs that emulate different aspects of OilRig’s operations against multiple sectors around the globe. With these attack graphs, you can test and validate your defenses to improve cybersecurity readiness.
Attack Graph Response to US-CERT Alert (AA22-174A): Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
AttackIQ has released two new fully featured attack graphs emulating the tactics, techniques, and procedures (TTPs) used by likely nation-state adversaries that continue exploiting the Log4Shell vulnerability in VMware Horizon Systems.