April 3, 2025
AttackIQ recommends that customers take the following testing actions in alignment with the recently published CISA Advisory (AA25-093A) which highlights the ongoing and evolving threat of fast flux techniques. These techniques are increasingly being adopted by a growing number of adversaries, making it critical for organizations to take proactive steps in mitigating this persistent threat.
April 2, 2025
AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Russian adversary Seashell Blizzard.
March 19, 2025
AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Chinese adversary Salt Typhoon.
March 13, 2025
AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-071A) published on March 12, 2025, which details new behaviors exhibited by Medusa Ransomware.
March 6, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by RansomHub ransomware since its emergence in February 2024. This sophisticated ransomware employs double extortion techniques and shares notable similarities with Knight ransomware.
February 26, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Akira ransomware since its emergence in March 2023. Akira operators provide victims the option to pay for either file decryption or data deletion rather than being forced to pay for both. Reported ransom demands range from 200,000 USD to over 4 million USD.
February 20, 2025
AttackIQ has released a new attack graph in response to the CISA Advisory (AA25-050A) published on February 19, 2025, which disseminates known Ghost Ransomware Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) identified through FBI investigations as recently as January 2025.
February 14, 2025
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the long-standing, financially motivated Russian criminal adversary known as FIN7 based on activities observed between 2022 and 2023.
January 27, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Hunters International ransomware since its discovery in October 2023. Technical analysis suggests a realistic possibility that Hunters International may have been deployed by actors linked to the disrupted Hive operation. However, while it bears significant similarities, Hunters International is not a direct rebrand.
January 24, 2025
AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-022A) published on January 22, 2025, which details the exploitation of vulnerabilities discovered in Ivanti Cloud Service Appliances during September 2024.
January 16, 2025
AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-136A) that disseminates known BianLian ransomware group Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) identified through the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) investigations.
January 9, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Ako ransomware since its emergence in January 2020. Contrary to many ransomware strains that focus on individual workstations, Ako targets entire networks, maximizing its impact. It is considered a variant of MedusaLocker due to numerous shared traits, including its defensive behavior and its strategic isolation of specific machines for encryption.
December 12, 2024
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the long-standing, financially motivated criminal adversary known as FIN7 during its most recent activities in 2024.
December 3, 2024
In today’s rapidly evolving threat landscape, cyber defense is more crucial than ever. As we introduce Flex 3.0, let’s first look at what drives the need for a stronger, smarter approach to detection. Advanced persistent threats (APTs) and sophisticated attacker tactics are now part of the norm. Modern attackers are faster and more creative, taking mere hours to move from initial compromise to reaching their objectives. Yet, detecting an attacker often takes days—sometimes even months.
November 22, 2024
In response to the recently published CISA Advisory (AA24-326A) which highlights the CISA Red Team’s simulation of real-world malicious cyber operations, AttackIQ has provided actionable recommendations to help organizations emulate these attacks. These guidelines enable organizations to emulate tactics and techniques, helping to assess and improve their defenses against similar adversarial behaviors.
November 13, 2024
In response to the recently published CISA Advisory (AA24-317A) that disseminates the top routinely exploited vulnerabilities from 2023, AttackIQ has proposed a multitude of recommendations that customers can take to emulate these prevalent vulnerabilities.
November 12, 2024
AttackIQ has released a new attack graph that seeks to emulate the Tactics, Techniques and Procedures (TTPs) associated with the destructive WhisperGate malware.
October 21, 2024
The Indo-Pacific region has emerged as a focal point of geopolitical tension and technological competition.
October 18, 2024
A Preview of Next-Gen Threat-Informed Defense at ATT&CKCon 2024.
October 17, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-290A), published on October 16, 2024. The advisory highlights that since October 2023, Iranian cyber actors have used password spraying and multifactor authentication (MFA) ‘push bombing’ to compromise user accounts and gain access to organizations across various critical infrastructure sectors.
October 15, 2024
AttackIQ has released a new assessment template that addresses the numerous post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the subscription-based information stealer known as Lumma Stealer.
October 3, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the Hadooken malware during intrusions that abused misconfigurations and critical Remote Code Execution (RCE) vulnerabilities on public-facing Oracle Weblogic Servers.
September 19, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Medusa ransomware since the beginning of its activities in June 2021. Medusa is predominantly propagated through the exploitation of vulnerable services, such as public-facing assets or applications with known unpatched vulnerabilities, and the hijacking of legitimate accounts, often using Initial Access Brokers (IABs) for infiltration.
September 12, 2024
AttackIQ has released a new attack graph that seeks to emulate the Tactics, Techniques and Procedures (TTPs) associated with Ebury Linux malware. Despite previous arrests and actions against key perpetrators, Ebury continues to evolve, and its operations remain active.