October 15, 2024
AttackIQ has released a new assessment template that addresses the numerous post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the subscription-based information stealer known as Lumma Stealer.
September 19, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Medusa ransomware since the beginning of its activities in June 2021. Medusa is predominantly propagated through the exploitation of vulnerable services, such as public-facing assets or applications with known unpatched vulnerabilities, and the hijacking of legitimate accounts, often using Initial Access Brokers (IABs) for infiltration.
September 10, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-249A) published on September 5, 2024, that assesses cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155), who are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020.
September 5, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-207A) published on August 29, 2024, that disseminates known RansomHub ransomware IOCs and TTPs that have been identified through FBI threat response activities and third-party reporting as recently as August 2024.
August 30, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Mallox ransomware since the beginning of its activities in June 2021. Mallox primarily gains access to victim networks through dictionary brute-force attacks against unsecured MS-SQL servers.
August 2, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Prestige ransomware since the beginning of its activities in October 2022. Prestige has been observed targeting organizations in the transportation and related logistics sectors located in Ukraine and Poland. In November 2022, it was assessed that the Russian adversary known as Sandworm was most likely behind these attacks.
July 31, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the North Korean state-sponsored adversary Andariel during Operation Blacksmith which affected manufacturing, agricultural and physical security companies in multiple regions.
July 26, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-207A) published on July 25, 2024, that highlights cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju.
July 25, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the Cactus ransomware since the beginning of its activities in March 2023. Cactus has targeted a wide variety of organizations since its inception and has breached more than 140 entities as of July 2024.
July 11, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the extortionist ransomware Nefilim during activities against multiple organizations, primarily based in North or South America, distributed in the financial, manufacturing, or transportation industries since its emergence in March 2020.
July 3, 2024
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the highly sophisticated Russian adversary Sandworm during various destructive activities against targets in Ukraine and other countries in the region shortly before the launch of the Russian invasion on February 24, 2022.
June 5, 2024
AttackIQ has released a new attack graph in response to the CISA Advisory (AA24-060A) published on February 29, 2024, which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the Phobos Ransomware variants observed as recently as February 2024.
May 17, 2024
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA24-131A) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated to Black Basta ransomware, a ransomware variant whose operators have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector.
March 8, 2024
AttackIQ has released a new assessment template in response to the recent wave of zero-day vulnerability exploits affecting ConnectWise’s ScreenConnect software. This assessment template comprises the various Tactics, Techniques, and Procedures (TTPs) exhibited by several adversaries observed exploiting these vulnerabilities to deploy different families of Ransomware.
March 7, 2024
AttackIQ has released an update to the BlackCat ransomware emulation in response to the recent revision of the CISA Advisory (AA23-353A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) identified through FBI investigations as recently as February 2024.
March 6, 2024
AttackIQ has released a new assessment template that emulates the various Post-Compromise Tactics, Techniques, and Procedures (TTPs) associated with the politically motivated Russian adversary Sandworm.
March 1, 2024
AttackIQ has released a new assessment template in response to the recently published CISA Advisory (AA24-060A) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the Phobos Ransomware variants observed as recently as February 2024.
February 14, 2024
AttackIQ has released three new attack graphs that seek to emulate the Tactics, Techniques and Procedures (TTPs) associated with and exhibited by the infamous loader known as DarkGate during its activities in 2023.
February 7, 2024
AttackIQ has released a new assessment template in response to the recent wave of zero-day vulnerability exploits targeting various appliances produced by software company Ivanti.
This assessment template emulates the different Tactics, Techniques, and Procedures (TTPs) exhibited by the UNC5221 adversary after successful exploitation of CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (command injection).
January 19, 2024
AttackIQ has released a new assessment template in response to the recently published CISA Advisory (AA24-016A) which disseminates known Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with threat actors deploying Androxgh0st malware.
December 29, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-353A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the ALPHV BlackCat Ransomware-as-a-Service (RaaS) identified through FBI investigations as recently as December 6, 2023.
December 23, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-352A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Play Ransomware group, identified through FBI investigations as recently as October 2023.
December 21, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-347A) which assesses that cyber actors from the Russian Foreign Intelligence Service (SVR) have been observed targeting servers hosting JetBrains TeamCity software by exploiting vulnerability CVE-2023-42793 on a large scale, since September 2023.
December 7, 2023
AttackIQ has released two new attack graphs and one new scenario in response to the recently published CISA Advisory (AA23-339A) that disseminates Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with the exploitation of CVE-2023-26360 at a Federal Civilian Executive Branch (FCEB). These attack graphs are based on two separate incidents that compromised at least two public-facing servers at a FCEB between June and July 2023.