May 25, 2023
AttackIQ has released two new assessments that emulate the techniques associated with a People’s Republic of China (PRC) state-sponsored cyber actor known as Volt Typhoon. Volt Typhoon makes extensive use of living off the land tools to remaining undetected for as long as possible while complete their espionage goals.
May 18, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-136A) that disseminates known BianLian ransomware group techniques and indicators identified through FBI and ACSC. BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors in addition to professional services and property development.
Targeted Sectors: Energy, Resources & Utilities, Professional Services, Construction
Author: Francis Guibernau, Ken Towne
May 12, 2023
On May 11, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) detailing ongoing exploitation of a vulnerability in PaperCut MF and NG by cyber criminals. AttackIQ has released four new scenarios that emulates the exploitation of CVE-2023-27350 to help customers validate their security controls and their ability to defend against this widely exploited vulnerability.
May 10, 2023
AttackIQ has released two new attack graphs in response to the recently published CISA Advisory (AA23-129A) that details the efforts taken by U.S. agencies to disrupt the peer-to-peer network infrastructure used by the Russian threat actor Turla and their Snake malware. Turla is the public name given to actors associated with cyberattacks conducted by Center 16 of Russia’s Federal Security Service (FSB).
May 4, 2023
AttackIQ has released a new attack graph that emulates recent activities conducted by the adversary known as Nobelium against European Union (EU) governments. These attacks continue Russia’s efforts to gather intelligence on countries supporting Ukraine in the ongoing Russia-Ukraine war.
April 26, 2023
AttackIQ has released four new attack graphs that emulate the espionage activities led by Kimsuky, a politically motivated North Korean adversary with links to the nation’s intelligence operations.
April 14, 2023
AttackIQ has released a new attack graph that aims to emulate the activities linked to the recent supply chain attack against the software developed by the company 3CX. This new release aims to emulate the activities carried out during the initial stages of the system compromise and the hands-on keyboard activity led by Lazarus Group.
April 4, 2023
AttackIQ has released a new full-featured attack graph that emulates recent activity carried out by the politically motivated Iranian-sponsored adversary known as OilRig.
March 23, 2023
AttackIQ has released two new attack graphs that emulate recent activities conducted by the Chinese adversary known as Mustang Panda. The actor leveraged a historical family of malware known as PlugX, which is shared between multiple groups of Chinese origin known, and a new previously unknown backdoor exclusive to this actor.
March 23, 2023
AttackIQ has released two new attack graphs that emulate recent activities involving the banking trojan known as BokBot, which has been primarily focused on exfiltrating data and stealing credentials. This new release continues our focused research on emulating shared e-crime malware used in attacks by multiple adversaries.
March 17, 2023
AttackIQ has released a new fully featured attack graph that emulates the behaviors demonstrated by the latest version the LockBit ransomware family “LockBit 3.0”, also known as “LockBit Black.”
March 17, 2023
AttackIQ has released a new attack graph that emulates the Tactics, Techniques, and Procedures (TTPs) used by a cybercriminal-focused adversary who carried successfully exploited CVE-2019-18935 against an instance of Telerik UI at a federal civilian executive branch (FCEB) agency.
March 16, 2023
For malicious actors, opportunity can be found in the mundane. As adversaries continue to refine their approach with newer and more sophisticated methods to perform malicious activity, it is critical for detection engineers to stay up to date in the latest threat intelligence and adversary behaviors to monitor.
March 3, 2023
AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) observed in cyberattacks involving Royal Ransomware.
March 3, 2023
AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) associated with a 2020 intrusion from the cybercriminal group TA551.
February 27, 2023
Reactive to Preactive. Atomic to Anatomic. Lists to Graphs. Simulation to Emulation. To be prepared for the next attack, defenders must adapt and shift their focus to a threat-informed defense, to think like the adversary, and to test their security programs in a realistic manner.
February 17, 2023
AttackIQ has released two new attack graphs emulating recent Emotet campaigns that resulted in data exfiltration and ransomware extortion. This release continues our focused research on shared e-crime malware used in attacks by multiple threat actors.
February 14, 2023
AttackIQ is democratiziing the practice of threat-informed defense and adversary emulation, including by funding research from the Center for Threat-Informed Defense on micro-emulation planning. Learn more out how we put adversary emulation into practice in the AttackIQ Security Optimization Platform.
February 3, 2023
AttackIQ has released two attack graphs that emulate the shared cybercrime malware loader known as BumbleBee. This release is a continuation of our cybercrime malware emulation initiative detailing how customers can protect themselves against a wide range of actors who share tooling.
January 25, 2023
AttackIQ has released three new attack graphs that emulate multiple infection chain variations involving the widely utilized cybercrime malware known as QakBot.
January 5, 2023
AttackIQ has released a bundle of content consisting of six new attack graphs that seek to emulate the campaigns and operations led by the infamous North Korean-sponsored adversary Lazarus Group against entities worldwide across multiple sectors.
December 22, 2022
AttackIQ has released a bundle of content that includes three new attack graphs that seek to emulate different cyberspace operations led by the North Korean-sponsored threat actor Andariel against multiple entities located in Asia, predominantly in South Korea, through the use of downloaders, backdoors, and custom ransomware.
December 19, 2022
AttackIQ has released a new attack graph that seeks to emulate the activity carried out by the politically motivated Pakistan-based adversary known as APT36 or Transparent Tribe. This newly released attack graph emulates the behaviors observed in attacks against victims working in Indian government organizations.