September 5, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-207A) published on August 29, 2024, that disseminates known RansomHub ransomware IOCs and TTPs that have been identified through FBI threat response activities and third-party reporting as recently as August 2024.
August 30, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Mallox ransomware since the beginning of its activities in June 2021. Mallox primarily gains access to victim networks through dictionary brute-force attacks against unsecured MS-SQL servers.
August 29, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-241A) published on August 28, 2024. The advisory outlines espionage activity associated with a specific group of Iranian cyber actors that have conducted a high volume of intrusion attempts against US organizations since 2017 and as recently as August 2024
August 23, 2024
In response to the recent CISA Advisory (AA24-234A) outlining best practices for event logging and threat detection, AttackIQ, in alignment with CISA’s guidance, strongly encourages organizations to engage in continuous testing against known, real-world adversary behaviors and TTPs through rigorous security control validation.
August 2, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Prestige ransomware since the beginning of its activities in October 2022. Prestige has been observed targeting organizations in the transportation and related logistics sectors located in Ukraine and Poland. In November 2022, it was assessed that the Russian adversary known as Sandworm was most likely behind these attacks.
July 31, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the North Korean state-sponsored adversary Andariel during Operation Blacksmith which affected manufacturing, agricultural and physical security companies in multiple regions.
July 26, 2024
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-207A) published on July 25, 2024, that highlights cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju.
July 25, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the Cactus ransomware since the beginning of its activities in March 2023. Cactus has targeted a wide variety of organizations since its inception and has breached more than 140 entities as of July 2024.
July 15, 2024
AttackIQ has released two new assessment templates in response to the CISA Advisory (AA24-193A) published on July 11, 2024, that disseminates Tactics, Techniques and Procedures (TTPs), mitigation and detection methods associated with SILENTSHIELD red team assessment carried out by CISA against a Federal Civilian Executive Branch (FCEB) organization.
July 11, 2024
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the extortionist ransomware Nefilim during activities against multiple organizations, primarily based in North or South America, distributed in the financial, manufacturing, or transportation industries since its emergence in March 2020.
July 3, 2024
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the highly sophisticated Russian adversary Sandworm during various destructive activities against targets in Ukraine and other countries in the region shortly before the launch of the Russian invasion on February 24, 2022.
June 20, 2024
AttackIQ has released three new attack graphs that seek to emulate the Tactics, Techniques and Procedures (TTPs) associated with and exhibited by the stealthy and notorious Winnti Group during its activities in 2021 and 2022.
June 5, 2024
AttackIQ has released a new attack graph in response to the CISA Advisory (AA24-060A) published on February 29, 2024, which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the Phobos Ransomware variants observed as recently as February 2024.
May 24, 2024
AttackIQ has released two new attack graphs that seek to emulate the Tactics, Techniques and Procedures (TTPs) associated with and exhibited by the open-source Remote Access Trojan AsyncRAT during its activities in 2023.
May 17, 2024
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA24-131A) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated to Black Basta ransomware, a ransomware variant whose operators have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector.
April 22, 2024
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA24-109A) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated to Akira ransomware, identified through FBI investigations and trusted third party reporting as recently as February 2024.
March 8, 2024
AttackIQ has released a new assessment template in response to the recent wave of zero-day vulnerability exploits affecting ConnectWise’s ScreenConnect software. This assessment template comprises the various Tactics, Techniques, and Procedures (TTPs) exhibited by several adversaries observed exploiting these vulnerabilities to deploy different families of Ransomware.
March 7, 2024
AttackIQ has released an update to the BlackCat ransomware emulation in response to the recent revision of the CISA Advisory (AA23-353A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) identified through FBI investigations as recently as February 2024.
March 4, 2024
In response to the recently published CISA Advisory (AA24-060B) that disseminates observed threat actor activities, Indicators of Compromise (IOCs), and mitigations associated with ongoing incident response activities in connection with the recent Ivanti Connect Secure and Ivanti Policy Secure Gateway vulnerabilities CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893, AttackIQ recommends that customers take the following testing actions in alignment with this recently observed activity.
March 1, 2024
AttackIQ has released a new assessment template in response to the recently published CISA Advisory (AA24-060A) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the Phobos Ransomware variants observed as recently as February 2024.
February 27, 2024
AttackIQ recommends that customers take the following testing actions in alignment to the recently published CISA Advisory (AA24-057A) which details recent Tactics, Techniques, and Procedures (TTPs) exhibited by the Russian Foreign Intelligence Service (SVR) adversary known as APT29 during activities in which it sought to gain initial access to the cloud infrastructure of government entities and corporations.
February 16, 2024
In response to the recently published CISA Advisory (AA24-046A) that disseminates Tactics, Techniques, Procedures (TTPs) and mitigations associated with a recent incident response assessment of a state government organization’s network, AttackIQ recommends that customers take the following testing actions in alignment with this recently observed activity.
February 9, 2024
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA24-038A) which assesses that the People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.
February 7, 2024
AttackIQ has released a new assessment template in response to the recent wave of zero-day vulnerability exploits targeting various appliances produced by software company Ivanti.
This assessment template emulates the different Tactics, Techniques, and Procedures (TTPs) exhibited by the UNC5221 adversary after successful exploitation of CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (command injection).