Most Recent

Beneath the Shadows: DarkGate

Join us as we uncover DarkGate, a malevolent force that strikes fear into the hearts of organizations worldwide. DarkGate has morphed into a sophisticated adversary, utilizing drive-by downloads and DanaBot deployment to wreak havoc. But fear not! With AttackIQ Flex at your side, you'll be equipped to wage war against these digital demons and emerge victorious in the fight for cybersecurity supremacy.

Response to CISA Advisory (AA24-060B): Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

In response to the recently published CISA Advisory (AA24-060B), which disseminates observed threat actor activity, Indicators of Compromise (IOCs), and mitigations associated with ongoing incident response activities connected to the recent Ivanti Connect Secure and Ivanti Policy Secure Gateway vulnerabilities CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, AttackIQ recommends that customers take the following testing actions in alignment with this recently observed activity.

Response to CISA Advisory (AA24-057A): SVR Cyber Actors Adapt Tactics for Initial Cloud Access

AttackIQ recommends that customers take the following testing actions in alignment with the recently published CISA Advisory (AA24-057A), which details recent Tactics, Techniques, and Procedures (TTPs) exhibited by the Russian Foreign Intelligence Service (SVR) adversary known as APT29 during activities in which it sought to gain initial access to the cloud infrastructure of government entities and corporations.

Response to an Unknown Threat Actor Who Leveraged a Compromised Account to Access State Government Organization

In response to the recently published CISA Advisory (AA24-046A), which disseminates Tactics, Techniques, and Procedures (TTPs) and mitigations associated with a recent incident response assessment of a state government organization's network, AttackIQ recommends that customers take the following testing actions in alignment with this recently observed activity.

Response to CISA Advisory (AA24-038A): PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA24-038A), which assesses that People's Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.

The Shape-Shifting Chameleon: QakBot

QakBot, also recognized as Qbot, Quackbot, Pinkslipbot, and TA570, has etched its name among other cyber threats, leaving a trail of thousands of malware infections globally. Dive in as we explore QakBot's genesis, its evolution, some of the specific tactics it uses, and how you can test your defenses against them with AttackIQ Flex.

Response to Ivanti’s Recent Zero-day Vulnerability Exploitation

AttackIQ has released a new assessment template in response to the recent wave of zero-day vulnerability exploits targeting various appliances produced by the software company Ivanti. This assessment template emulates the Tactics, Techniques, and Procedures (TTPs) exhibited by the UNC5221 adversary after successful exploitation of CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (command injection).