Most Recent

Attack Graph Response to CISA Advisory AA23-158A: #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability

AttackIQ has released a new attack graph and two network security validation scenarios in response to the recently published CISA Advisory (AA23-158A) detailing the CL0P Ransomware Gang. This actor also known as TA505, is a financially motivated and highly sophisticated criminal adversary considered to be a major player in the e-crime scene that has left a significant impact on the global cybersecurity landscape.

Attack Graph Response to CISA Advisory (AA23-136A): #StopRansomware: BianLian Ransomware Group

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-136A) that disseminates known BianLian ransomware group techniques and indicators identified through FBI and ACSC. BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors in addition to professional services and property development. Targeted Sectors: Energy, Resources & Utilities, Professional Services, Construction
 Author: Francis Guibernau, Ken Towne

Response to CISA Advisory AA23-131A: Malicious Actors Exploit PaperCut MF and NG

On May 11, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) detailing ongoing exploitation of a vulnerability in PaperCut MF and NG by cyber criminals. AttackIQ has released four new scenarios that emulates the exploitation of CVE-2023-27350 to help customers validate their security controls and their ability to defend against this widely exploited vulnerability.

Attack Graph Response to CISA Advisory AA23-129A: Hunting Russian Intelligence “Snake” Malware

AttackIQ has released two new attack graphs in response to the recently published CISA Advisory (AA23-129A) that details the efforts taken by U.S. agencies to disrupt the peer-to-peer network infrastructure used by the Russian threat actor Turla and their Snake malware. Turla is the public name given to actors associated with cyberattacks conducted by Center 16 of Russia’s Federal Security Service (FSB).

Response to Lazarus’ 3CX Supply Chain Compromise

AttackIQ has released a new attack graph that aims to emulate the activities linked to the recent supply chain attack against the software developed by the company 3CX. This new release aims to emulate the activities carried out during the initial stages of the system compromise and the hands-on keyboard activity led by Lazarus Group.

Emulating the Infamous Modular Banking Trojan BokBot

AttackIQ has released two new attack graphs that emulate recent activities involving the banking trojan known as BokBot, which has been primarily focused on exfiltrating data and stealing credentials. This new release continues our focused research on emulating shared e-crime malware used in attacks by multiple adversaries.