May 22, 2025
AttackIQ has updated an existing assessment template in response to the CISA Advisory (AA25-141B) published on May 21, 2025, which disseminates Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IOCs), associated with threat actors deploying the LummaC2 information stealer malware, identified through FBI investigations as recent as May 2025.
May 21, 2025
AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-141A) published on May 21, 2025. The CSA highlights a cyber espionage-oriented campaign carried out by cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (Unit 26165), targeting Western logistics entities and technology companies.
May 15, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by VanHelsing ransomware, a new and rapidly growing ransomware-as-a-service (RaaS) affiliate program that emerged in March 2025. This emulation enables defenders to test and validate their detection and response capabilities against this new threat.
May 8, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Termite ransomware since its emergence in November 2024. Termite is widely believed to be based on Babuk Ransomware, a defunct strain whose source code was leaked in 2021. While Babuk’s influence remains evident, particularly in encryption routines and general behavior, Termite distinguishes itself by aggressively targeting environment-specific vulnerabilities.
April 24, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Helldown ransomware since its emergence in August 2024. Helldown is operated by the eponymous and still largely undocumented adversary, which employs double extortion tactics by exfiltrating sensitive data prior to encrypting victim systems and threatening to leak the data on its Dedicated Leak Site (DLS)
April 24, 2025
AttackIQ Academy Enterprise is our answer to this challenge. This new solution gives security leaders clear visibility into their employees’ learning progress through an interactive dashboard displaying comprehensive training metrics and assessment results.
April 17, 2025
AttackIQ has released three new attack graphs designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with StrelaStealer observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities.
April 9, 2025
AttackIQ has released a new attack graph designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with CatB ransomware observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities.
April 3, 2025
AttackIQ recommends that customers take the following testing actions in alignment with the recently published CISA Advisory (AA25-093A) which highlights the ongoing and evolving threat of fast flux techniques. These techniques are increasingly being adopted by a growing number of adversaries, making it critical for organizations to take proactive steps in mitigating this persistent threat.
April 2, 2025
AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Russian adversary Seashell Blizzard.
March 19, 2025
AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Chinese adversary Salt Typhoon.
March 13, 2025
AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-071A) published on March 12, 2025, which details new behaviors exhibited by Medusa Ransomware.
March 6, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by RansomHub ransomware since its emergence in February 2024. This sophisticated ransomware employs double extortion techniques and shares notable similarities with Knight ransomware.
February 26, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Akira ransomware since its emergence in March 2023. Akira operators provide victims the option to pay for either file decryption or data deletion rather than being forced to pay for both. Reported ransom demands range from 200,000 USD to over 4 million USD.
February 20, 2025
AttackIQ has released a new attack graph in response to the CISA Advisory (AA25-050A) published on February 19, 2025, which disseminates known Ghost Ransomware Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) identified through FBI investigations as recently as January 2025.
February 14, 2025
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the long-standing, financially motivated Russian criminal adversary known as FIN7 based on activities observed between 2022 and 2023.
January 27, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Hunters International ransomware since its discovery in October 2023. Technical analysis suggests a realistic possibility that Hunters International may have been deployed by actors linked to the disrupted Hive operation. However, while it bears significant similarities, Hunters International is not a direct rebrand.
January 24, 2025
AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-022A) published on January 22, 2025, which details the exploitation of vulnerabilities discovered in Ivanti Cloud Service Appliances during September 2024.
January 16, 2025
AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-136A) that disseminates known BianLian ransomware group Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) identified through the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) investigations.
January 9, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Ako ransomware since its emergence in January 2020. Contrary to many ransomware strains that focus on individual workstations, Ako targets entire networks, maximizing its impact. It is considered a variant of MedusaLocker due to numerous shared traits, including its defensive behavior and its strategic isolation of specific machines for encryption.
December 12, 2024
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the long-standing, financially motivated criminal adversary known as FIN7 during its most recent activities in 2024.
December 3, 2024
In today’s rapidly evolving threat landscape, cyber defense is more crucial than ever. As we introduce Flex 3.0, let’s first look at what drives the need for a stronger, smarter approach to detection. Advanced persistent threats (APTs) and sophisticated attacker tactics are now part of the norm. Modern attackers are faster and more creative, taking mere hours to move from initial compromise to reaching their objectives. Yet, detecting an attacker often takes days—sometimes even months.
November 22, 2024
In response to the recently published CISA Advisory (AA24-326A) which highlights the CISA Red Team’s simulation of real-world malicious cyber operations, AttackIQ has provided actionable recommendations to help organizations emulate these attacks. These guidelines enable organizations to emulate tactics and techniques, helping to assess and improve their defenses against similar adversarial behaviors.
November 13, 2024
In response to the recently published CISA Advisory (AA24-317A) that disseminates the top routinely exploited vulnerabilities from 2023, AttackIQ has proposed a multitude of recommendations that customers can take to emulate these prevalent vulnerabilities.