November 2, 2023
In the covert realm of cyberspace, a formidable adversary has emerged – a state-sponsored, North Korean group known as Kimsuky. Their clandestine operations are not motivated by profit, but by the pursuit of state secrets and strategic intelligence for the Democratic People’s Republic of Korea (DPKR).
November 1, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-284A) that disseminates known Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with AvosLocker ransomware identified through FBI investigations as recent as May 2023. AvosLocker is known for conducting activities against organizations across multiple critical infrastructure sectors using legitimate software and open-source remote system administration tools.
October 26, 2023
If you’ve at all followed the work of AttackIQ’s Adversary Research Team (ART) in recent years, you’re well aware of their relentless pursuit for actionable, incisive, quantitative, and cutting-edge insights into the art (no pun intended) of adversary emulation.
October 18, 2023
As newer and more sophisticated threats continue to enter today’s cyber landscape, content filtering remains a tried-and-true tool that aids organizations in threat prevention, regulatory compliance, network security and policy enforcement by controlling and managing the type of content users can access or share based on defined criteria. Making sure these policies work is critical in preventing insider threats and maintaining compliance with corporate usage policies.
October 11, 2023
In the ongoing battle against cyber threats, the synergy between Endpoint Antivirus (AV) software and a cutting-edge solution like AttackIQ Flex plays a pivotal role in fortifying your defenses.
October 9, 2023
AttackIQ has released three new attack graphs that aim to emulate the recent activities involving the commodity JavaScript-based downloader known as GootLoader.
October 4, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-263A) that disseminates known Snatch ransomware threat actor’s techniques and indicators identified through FBI investigations as recent as June 2023. Snatch operators are known to conduct activities against a wide range of critical infrastructure sectors and carry out double-extortion tactics to improve their chances of successfully receiving a ransom payment.
October 4, 2023
EDR testing is a critical component of maintaining a bulletproof defense posture, but it doesn’t have to be hard to do.
September 27, 2023
AttackIQ has released a new Flex package designed to replicate the activities associated with the recent supply chain attack on 3CX software by Lazarus Group, a North Korean-based adversary.
September 25, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-250A) that seeks to emulate the activities carried out by multiple nation-state threat actors at an Aeronautical Sector organization as early as January 2023.
September 20, 2023
AttackIQ has released two new attack graphs that seek to emulate the various activities carried out by the controversial Ransomware-as-a-Service (RaaS) known as Rhysida against multiple targets worldwide since its discovery in May 2023.
September 19, 2023
Programmatic cloud testing can be your true north.
September 7, 2023
The rise of remote work, branch networks, and the entwining of IoT and OT systems have created vast network footprints, making identifying vulnerabilities more challenging than ever. Cyber threats loom large, and with the stakes higher than ever, ensuring your defenses are impervious is paramount.
August 31, 2023
In a world where time is a precious resource, AttackIQ Flex ensures your security controls are prepared for the challenges posed by M&A and remote network integrations.
August 23, 2023
The implications of not conducting security control testing are profound. Adversaries are relentless and will exploit vulnerabilities if given the chance. The potential impact includes data breaches, financial losses, damage to reputation, and regulatory penalties.
August 18, 2023
AttackIQ has released a new attack graph that aims to emulate activities observed by the politically and military motivated state-sponsored Iranian-based adversary APT35, who is known to target multiple industries primarily in Europe, the Middle East, and North America.
August 3, 2023
AttackIQ has helped hundreds of companies across the global 2000 to conduct automated testing at scale, powered by MITRE ATT&CK. Building on a decade of success, we are now making testing available for everyone. Here’s what that means.
July 28, 2023
AttackIQ has released a content bundle consisting of two new attack graphs that seek to emulate the operations carried out by the Chinese-based adversary Gallium against the Telecommunications sector in recent years.
July 10, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-187A) that seeks to emulate the activities carried out by the financially motivated and highly sophisticated criminal adversary known as TA505.
June 27, 2023
AttackIQ has released a new attack graph that aims to emulate recent activities led by the politically motivated Pakistan-based adversary APT36 against objectives localized in the Education sector within the Indian subcontinent.
June 14, 2023
On June 14, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) along with other US-based and international security organizations released a joint cybersecurity advisory (CSA) detailing the operations behind the LockBit ransomware attacks. AttackIQ has released a wide range of Attack Graphs emulating LockBit and other RaaS operators as part of CISA’s #StopRansomware campaign.
June 9, 2023
AttackIQ has released a new attack graph and two network security validation scenarios in response to the recently published CISA Advisory (AA23-158A) detailing the CL0P Ransomware Gang. This actor also known as TA505, is a financially motivated and highly sophisticated criminal adversary considered to be a major player in the e-crime scene that has left a significant impact on the global cybersecurity landscape.
May 25, 2023
AttackIQ has released two new assessments that emulate the techniques associated with a People’s Republic of China (PRC) state-sponsored cyber actor known as Volt Typhoon. Volt Typhoon makes extensive use of living off the land tools to remaining undetected for as long as possible while complete their espionage goals.
May 18, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-136A) that disseminates known BianLian ransomware group techniques and indicators identified through FBI and ACSC. BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors in addition to professional services and property development.
Targeted Sectors: Energy, Resources & Utilities, Professional Services, Construction
Author: Francis Guibernau, Ken Towne