AttackIQ Blog
November 12, 2024
AttackIQ has released a new attack graph that seeks to emulate the Tactics, Techniques and Procedures (TTPs) associated with the destructive WhisperGate malware.
October 21, 2024
The Indo-Pacific region has emerged as a focal point of geopolitical tension and technological competition.
October 18, 2024
A Preview of Next-Gen Threat-Informed Defense at ATT&CKCon 2024.
October 17, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-290A), published on October 16, 2024. The advisory highlights that since October 2023, Iranian cyber actors have used password spraying and multifactor authentication (MFA) ‘push bombing’ to compromise user accounts and gain access to organizations across various critical infrastructure sectors.
October 15, 2024
AttackIQ has released a new assessment template that addresses the numerous post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the subscription-based information stealer known as Lumma Stealer.
October 3, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the Hadooken malware during intrusions that abused misconfigurations and critical Remote Code Execution (RCE) vulnerabilities on public-facing Oracle Weblogic Servers.
September 19, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Medusa ransomware since the beginning of its activities in June 2021. Medusa is predominantly propagated through the exploitation of vulnerable services, such as public-facing assets or applications with known unpatched vulnerabilities, and the hijacking of legitimate accounts, often using Initial Access Brokers (IABs) for infiltration.
September 12, 2024
AttackIQ has released a new attack graph that seeks to emulate the Tactics, Techniques and Procedures (TTPs) associated with Ebury Linux malware. Despite previous arrests and actions against key perpetrators, Ebury continues to evolve, and its operations remain active.
September 10, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-249A) published on September 5, 2024, that assesses cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155), who are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020.
September 5, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-207A) published on August 29, 2024, that disseminates known RansomHub ransomware IOCs and TTPs that have been identified through FBI threat response activities and third-party reporting as recently as August 2024.
August 30, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Mallox ransomware since the beginning of its activities in June 2021. Mallox primarily gains access to victim networks through dictionary brute-force attacks against unsecured MS-SQL servers.
August 29, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-241A) published on August 28, 2024. The advisory outlines espionage activity associated with a specific group of Iranian cyber actors that have conducted a high volume of intrusion attempts against US organizations since 2017 and as recently as August 2024.
August 23, 2024
In response to the recent CISA Advisory (AA24-234A) outlining best practices for event logging and threat detection, AttackIQ, in alignment with CISA’s guidance, strongly encourages organizations to engage in continuous testing against known, real-world adversary behaviors and TTPs through rigorous security control validation.
August 2, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Prestige ransomware since the beginning of its activities in October 2022. Prestige has been observed targeting organizations in the transportation and related logistics sectors located in Ukraine and Poland. In November 2022, it was assessed that the Russian adversary known as Sandworm was most likely behind these attacks.
August 1, 2024
Revolutionizing security testing with continuous security validation.
August 1, 2024
In the ultramodern, mercurial sphere of cybersecurity, somehow a 1700-year-old quote from Helena of Constantinople still deeply resonates. Even with seemingly robust defenses, the smallest vulnerability can be an open invitation for threats like AsyncRAT to infiltrate your system, underscoring the importance of continuous testing to ensure that your existing controls – your rat traps – are functioning effectively.
July 31, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the North Korean state-sponsored adversary Andariel during Operation Blacksmith which affected manufacturing, agricultural and physical security companies in multiple regions.
July 26, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-207A) published on July 25, 2024, that highlights cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju.
July 25, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the Cactus ransomware since the beginning of its activities in March 2023. Cactus has targeted a wide variety of organizations since its inception and has breached more than 140 entities as of July 2024.
July 15, 2024
AttackIQ has released two new assessment templates in response to the CISA Advisory (AA24-193A) published on July 11, 2024, that disseminates Tactics, Techniques and Procedures (TTPs), mitigation and detection methods associated with SILENTSHIELD red team assessment carried out by CISA against a Federal Civilian Executive Branch (FCEB) organization.
July 11, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the extortionist ransomware Nefilim during activities against multiple organizations, primarily based in North or South America, distributed in the financial, manufacturing, or transportation industries since its emergence in March 2020.
July 9, 2024
AttackIQ recently launched AttackIQ Mission Control, a powerful new feature within AttackIQ Enterprise designed to streamline security control testing for large organizations with decentralized teams. Effective security control testing empowers businesses to reduce risk, improve efficiency, and maximize the return on investment (ROI) of their cybersecurity programs.