December 21, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-347A) which assesses that cyber actors from the Russian Foreign Intelligence Service (SVR) have been observed targeting servers hosting JetBrains TeamCity software by exploiting vulnerability CVE-2023-42793 on a large scale, since September 2023.
December 7, 2023
AttackIQ has released two new attack graphs and one new scenario in response to the recently published CISA Advisory (AA23-339A) that disseminates Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with the exploitation of CVE-2023-26360 at a Federal Civilian Executive Branch (FCEB). These attack graphs are based on two separate incidents that compromised at least two public-facing servers at a FCEB between June and July 2023.
November 27, 2023
AttackIQ has released a new assessment template in response to the recently published CISA Advisory (AA23-325A) that disseminates Indicators of Compromise (IOCs), Tactics, Techniques and Procedures (TTPs), and detection methods associated with LockBit 3.0. This assessment template is based on an incident in which LockBit affiliates were observed exploiting CVE-2023-4966 to gain access to Boeing infrastructure.
November 21, 2023
AttackIQ has released a new assessment template in response to the recently published CISA Advisory (AA23-320A) that disseminates known Scattered Spider’s Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs) identified through FBI investigations as recent as November 2023.
November 1, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-284A) that disseminates known Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with AvosLocker ransomware identified through FBI investigations as recent as May 2023. AvosLocker is known for conducting activities against organizations across multiple critical infrastructure sectors using legitimate software and open-source remote system administration tools.
October 9, 2023
AttackIQ has released three new attack graphs that aim to emulate the recent activities involving the commodity JavaScript-based downloader known as GootLoader.
October 4, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-263A) that disseminates known Snatch ransomware threat actor’s techniques and indicators identified through FBI investigations as recent as June 2023. Snatch operators are known to conduct activities against a wide range of critical infrastructure sectors and carry out double-extortion tactics to improve their chances of successfully receiving a ransom payment.
September 25, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-250A) that seeks to emulate the activities carried out by multiple nation-state threat actors at an Aeronautical Sector organization as early as January 2023.
August 18, 2023
AttackIQ has released a new attack graph that aims to emulate activities observed by the politically and military motivated state-sponsored Iranian-based adversary APT35, who is known to target multiple industries primarily in Europe, the Middle East, and North America.
August 3, 2023
AttackIQ has helped hundreds of companies across the global 2000 to conduct automated testing at scale, powered by MITRE ATT&CK. Building on a decade of success, we are now making testing available for everyone. Here’s what that means.
July 28, 2023
AttackIQ has released a content bundle consisting of two new attack graphs that seek to emulate the operations carried out by the Chinese-based adversary Gallium against the Telecommunications sector in recent years.
July 10, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-187A) that seeks to emulate the activities carried out by the financially motivated and highly sophisticated criminal adversary known as TA505.
June 27, 2023
AttackIQ has released a new attack graph that aims to emulate recent activities led by the politically motivated Pakistan-based adversary APT36 against objectives localized in the Education sector within the Indian subcontinent.
June 14, 2023
On June 14, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) along with other US-based and international security organizations released a joint cybersecurity advisory (CSA) detailing the operations behind the LockBit ransomware attacks. AttackIQ has released a wide range of Attack Graphs emulating LockBit and other RaaS operators as part of CISA’s #StopRansomware campaign.
June 9, 2023
AttackIQ has released a new attack graph and two network security validation scenarios in response to the recently published CISA Advisory (AA23-158A) detailing the CL0P Ransomware Gang. This actor also known as TA505, is a financially motivated and highly sophisticated criminal adversary considered to be a major player in the e-crime scene that has left a significant impact on the global cybersecurity landscape.
May 25, 2023
AttackIQ has released two new assessments that emulate the techniques associated with a People’s Republic of China (PRC) state-sponsored cyber actor known as Volt Typhoon. Volt Typhoon makes extensive use of living off the land tools to remaining undetected for as long as possible while complete their espionage goals.
May 18, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-136A) that disseminates known BianLian ransomware group techniques and indicators identified through FBI and ACSC. BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors in addition to professional services and property development.
Targeted Sectors: Energy, Resources & Utilities, Professional Services, Construction
Author: Francis Guibernau, Ken Towne
May 12, 2023
On May 11, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) detailing ongoing exploitation of a vulnerability in PaperCut MF and NG by cyber criminals. AttackIQ has released four new scenarios that emulates the exploitation of CVE-2023-27350 to help customers validate their security controls and their ability to defend against this widely exploited vulnerability.
May 10, 2023
AttackIQ has released two new attack graphs in response to the recently published CISA Advisory (AA23-129A) that details the efforts taken by U.S. agencies to disrupt the peer-to-peer network infrastructure used by the Russian threat actor Turla and their Snake malware. Turla is the public name given to actors associated with cyberattacks conducted by Center 16 of Russia’s Federal Security Service (FSB).
May 4, 2023
AttackIQ has released a new attack graph that emulates recent activities conducted by the adversary known as Nobelium against European Union (EU) governments. These attacks continue Russia’s efforts to gather intelligence on countries supporting Ukraine in the ongoing Russia-Ukraine war.
April 26, 2023
AttackIQ has released four new attack graphs that emulate the espionage activities led by Kimsuky, a politically motivated North Korean adversary with links to the nation’s intelligence operations.
April 14, 2023
AttackIQ has released a new attack graph that aims to emulate the activities linked to the recent supply chain attack against the software developed by the company 3CX. This new release aims to emulate the activities carried out during the initial stages of the system compromise and the hands-on keyboard activity led by Lazarus Group.
April 4, 2023
AttackIQ has released a new full-featured attack graph that emulates recent activity carried out by the politically motivated Iranian-sponsored adversary known as OilRig.
March 23, 2023
AttackIQ has released two new attack graphs that emulate recent activities conducted by the Chinese adversary known as Mustang Panda. The actor leveraged a historical family of malware known as PlugX, which is shared between multiple groups of Chinese origin known, and a new previously unknown backdoor exclusive to this actor.