November 19, 2025
AttackIQ has released an updated attack graph in response to emerging threat intelligence associated with the deployment of Qilin ransomware, a ransomware strain that first appeared in July 2022 and remains one of the most active ransomware families today. This update includes new behaviors related to the operators of the Qilin ransomware, which have been identified as recently as October 2025.
November 14, 2025
AttackIQ has released a new assessment template designed to emulate the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with a recent intrusion targeting Ukrainian organizations that aligns with patterns previously associated with Sandworm. While attribution remains unconfirmed, this assessment helps defenders improve their security posture against similarly sophisticated and persistent threats.
November 13, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of Microsoft Office vulnerabilities, and the deployment of StealerBot, a memory-resident backdoor.
November 6, 2025
AttackIQ presents the fifth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ revisits historical ransomware operations with the introduction of three new attack graphs that emulate the operational behaviors exhibited by the REvil, DarkSide, and BlackMatter ransomware families.
October 16, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Global Group ransomware, a threat that first appeared in June 2025 and quickly became notorious across the security landscape. The group has primarily targeted high-impact sectors such as healthcare, manufacturing, and professional services, where operational downtime can cause severe disruption.
October 9, 2025
AttackIQ has released a new emulation in response to the Oracle Security Alert Advisory detailing the CVE-2025-61882 vulnerability, which impacts Oracle E-Business Suite versions 12.2.3 through 12.2.14.
October 2, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Qilin ransomware, a threat that first appeared in July 2022 and remains one of the most active families today. Qilin primarily targets the healthcare, government, education, manufacturing, and finance sectors, and has evolved to operate across multiple platforms, including Windows, Linux, and ESXi.
September 25, 2025
AttackIQ presents the fourth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Rhysida, Charon, and Dire Wolf ransomware families.
August 28, 2025
AttackIQ presents the third volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the INC, Lynx and SafePay ransomware families.
August 27, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Warlock ransomware, which emerged in June 2025. Beginning in July, Warlock operators have primarily targeted internet-exposed, unpatched on-premises Microsoft SharePoint servers, exploiting a set of recently disclosed zero-day vulnerabilities, specifically CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771, collectively referred to as the “ToolShell” exploit chain.
July 29, 2025
AttackIQ presents the second volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Gunra, Anubis and DevMan ransomware families.
July 25, 2025
AttackIQ has released two new attack graphs in response to the CISA Advisory (AA25-203A) published on July 22, 2025, which disseminates known Interlock ransomware Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) identified through FBI investigations as recently as June 2025.
July 22, 2025
AttackIQ introduces Ransom Tales, an initiative designed to emulate the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the BlackLock, Embargo and Mamona ransomware families.
June 16, 2025
In response to the recently published CISA Advisory (AA25-163A) which highlights ransomware actors exploiting unpatched SimpleHelp Remote Monitoring and Management (RMM) tool, AttackIQ has provided actionable recommendations to help organizations emulate such attacks. These recommendations enable organizations to emulate tactics and techniques, helping to assess and improve their defenses against similar adversarial behaviors.
June 12, 2025
AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-352A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Play Ransomware group, identified through FBI investigations as recently as May 2025.
May 29, 2025
AttackIQ has released a new assessment template that contains a curated list of Tools and Malware samples associated with Scattered Spider to help defenders improve their security posture against this sophisticated and persistent threat.
May 23, 2025
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by DragonForce ransomware since its emergence in August 2023. Initially based entirely on the leaked LockBit 3.0 (Black) builder, it evolved with the introduction of a customized variant derived from the Conti V3 codebase. DragonForce operators may potentially be behind the recent cyber attacks that involved Marks & Spencer, Co-Op, and Harrods.
May 22, 2025
AttackIQ has updated an existing assessment template in response to the CISA Advisory (AA25-141B) published on May 21, 2025, which disseminates Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IOCs), associated with threat actors deploying the LummaC2 information stealer malware, identified through FBI investigations as recent as May 2025.
May 21, 2025
AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-141A) published on May 21, 2025. The CSA highlights a cyber espionage-oriented campaign carried out by cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (Unit 26165), targeting Western logistics entities and technology companies.
May 15, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by VanHelsing ransomware, a new and rapidly growing ransomware-as-a-service (RaaS) affiliate program that emerged in March 2025. This emulation enables defenders to test and validate their detection and response capabilities against this new threat.
May 8, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Termite ransomware since its emergence in November 2024. Termite is widely believed to be based on Babuk Ransomware, a defunct strain whose source code was leaked in 2021. While Babuk’s influence remains evident, particularly in encryption routines and general behavior, Termite distinguishes itself by aggressively targeting environment-specific vulnerabilities.
April 24, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Helldown ransomware since its emergence in August 2024. Helldown is operated by the eponymous and still largely undocumented adversary, which employs double extortion tactics by exfiltrating sensitive data prior to encrypting victim systems and threatening to leak the data on its Dedicated Leak Site (DLS)
April 17, 2025
AttackIQ has released three new attack graphs designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with StrelaStealer observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities.
April 9, 2025
AttackIQ has released a new attack graph designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with CatB ransomware observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities.