Blog - Page 7 of 20

Target Locked: Operation Sharpshooter

Operation Sharpshooter was a significant cyberattack by the Lazarus Group, targeting critical industries like finance, energy, and defense. Dive into the details of the attack and its implications and explore how AttackIQ Flex can assist in testing and strengthening your cybersecurity defenses.

Author: Madison Steel April 17, 2024 Read More

Adversary Emulation

Emulating the Southeast Asian Adversary OceanLotus

AttackIQ has released four new attack graphs that seek to emulate the behaviors exhibited by the politically motivated Vietnamese adversary known as OceanLotus during its most recent and prevalent activities.

April 16, 2024 Read More

AttackIQ Flex

Intercept the Adversary: Lazarus Group – Operation In(ter)ception

Operation In(ter)ception reveals Lazarus Group's 2019 cyber campaign targeting military and aerospace organizations in Europe and the Middle East. Delve into the attacker's tactics on LinkedIn, their covert infiltration methods, and the complexities of their persistence strategies. Discover how AttackIQ Flex can empower your organization to fortify their defenses against such sophisticated threats through the use of agentless emulation testing.

April 10, 2024 Read More

AttackIQ Flex

Cyber Sorcery: Confronting Lazarus Group – MagicRAT and TigerRAT Campaign

Discover the origin, tactics and future of Remote Access Trojan (RAT) dubbed MagicRAT and how leveraging AttackIQ Flex can help your organization simulate real-world attack scenarios, enabling you to assess and validate their security posture effectively.

April 4, 2024 Read More

Most Recent

TTPs

Hiding in Plain Sight: Monitoring and Testing for Living-Off-the-Land Binaries

For malicious actors, opportunity can be found in the mundane. As adversaries continue to refine their approach with newer and more sophisticated methods to perform malicious activity, it is critical for detection engineers to stay up to date in the latest threat intelligence and adversary behaviors to monitor.

March 16, 2023 Read More

Adversary Emulation

Attack Graph Response to CISA Advisory (AA23-061A): #StopRansomware: Royal Ransomware

AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) observed in cyberattacks involving Royal Ransomware.

March 3, 2023 Read More

Adversary Emulation

Emulating the Cybercriminal Initial Access Broker TA551

AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) associated with a 2020 intrusion from the cybercriminal group TA551.

March 3, 2023 Read More

Center for Threat-Informed Defense

A Year of Impact: AttackIQ’s Applied Research in Threat-Informed Defense

Reactive to Preactive. Atomic to Anatomic. Lists to Graphs. Simulation to Emulation. To be prepared for the next attack, defenders must adapt and shift their focus to a threat-informed defense, to think like the adversary, and to test their security programs in a realistic manner.

February 27, 2023 Read More

Adversary Emulation

Emulating the Always Persistent Cybercrime Malware Emotet

AttackIQ has released two new attack graphs emulating recent Emotet campaigns that resulted in data exfiltration and ransomware extortion. This release continues our focused research on shared e-crime malware used in attacks by multiple threat actors.

February 17, 2023 Read More

Adversary Emulation

Democratizing the Practice of Adversary Emulation

AttackIQ is democratiziing the practice of threat-informed defense and adversary emulation, including by funding research from the Center for Threat-Informed Defense on micro-emulation planning. Learn more out how we put adversary emulation into practice in the AttackIQ Security Optimization Platform.

February 14, 2023 Read More

Adversary Emulation

Emulating the Shared Cybercrime Loader BumbleBee

AttackIQ has released two attack graphs that emulate the shared cybercrime malware loader known as BumbleBee. This release is a continuation of our cybercrime malware emulation initiative detailing how customers can protect themselves against a wide range of actors who share tooling.

February 3, 2023 Read More

Adversary Emulation

Emulating the Constantly Evolving Cybercrime Malware QakBot

AttackIQ has released three new attack graphs that emulate multiple infection chain variations involving the widely utilized cybercrime malware known as QakBot.

January 25, 2023 Read More

Adversary Emulation

Emulating the Highly Sophisticated North Korean Adversary Lazarus Group

AttackIQ has released a bundle of content consisting of six new attack graphs that seek to emulate the campaigns and operations led by the infamous North Korean-sponsored adversary Lazarus Group against entities worldwide across multiple sectors.

January 5, 2023 Read More

Adversary Emulation

Emulating the Politically Motivated North Korean Adversary Andariel

AttackIQ has released a bundle of content that includes three new attack graphs that seek to emulate different cyberspace operations led by the North Korean-sponsored threat actor Andariel against multiple entities located in Asia, predominantly in South Korea, through the use of downloaders, backdoors, and custom ransomware.

December 22, 2022 Read More

Adversary Emulation

Attack Graph Response to APT36 Targeted Attacks Against Indian Governmental Organizations

AttackIQ has released a new attack graph that seeks to emulate the activity carried out by the politically motivated Pakistan-based adversary known as APT36 or Transparent Tribe. This newly released attack graph emulates the behaviors observed in attacks against victims working in Indian government organizations.

December 19, 2022 Read More

Adversary Emulation

Emulating the Financially Motivated North Korean Adversary BlueNoroff

AttackIQ has released a bundle of content including four new attack graphs that seek to emulate two types of attacks conducted by the North Korean adversary BlueNoroff. The newly released graphs emulate the behaviors used in the attacks against the Society for Worldwide Interbank Financial Telecommunication (SWIFT) software and organizations involved in cryptocurrency.

December 14, 2022 Read More