Threat Research

    Evergreen Phishing Defense: Automated Weekly Security Validation

    February 9, 2026
    What if your phishing tests updated themselves every week? Learn how real phishing campaigns are automatically transformed into continuous email and endpoint validation—at scale.

    Emulating the Elusive Cephalus Ransomware

    February 5, 2026
    AttackIQ has released a new attack graph that emulates the behaviors of Cephalus ransomware, a Go-based strain active since June 2025 that combines defense-evasion and anti-analysis techniques, such as secure memory handling and tampering with Windows Defender, to enable stealthy targeted operations prior to encryption and extortion.

    Emulating the Elegant BlackSuit Ransomware

    January 20, 2026
    AttackIQ has released a new attack graph that emulates the behaviors exhibited by BlackSuit ransomware, a ransomware strain that has been active since at least May 2023. It represents the evolution of the ransomware previously identified as Royal ransomware, which was active from approximately September 2022 through June 2023.

    INFORM 2026: MITRE’s Updated Threat-Informed Defense Maturity Model Explained

    January 9, 2026
    On January 8th, MITRE’s Center for Threat-Informed Defense (CTID) published a significant update to INFORM, its threat-informed defense maturity model. This update reflects the joint efforts of MITRE researchers, AttackIQ, and several CTID members to enhance INFORM based on two years of operational use and broad security community feedback.

    Ransom Tales: Volume VI — Throwback Edition! Emulating Ryuk, Conti, and BlackCat Ransomware

    December 11, 2025

    Revisiting the Versatile Qilin Ransomware

    November 19, 2025
    AttackIQ has released an updated attack graph in response to emerging threat intelligence associated with the deployment of Qilin ransomware, a ransomware strain that first appeared in July 2022 and remains one of the most active ransomware families today. This update includes new behaviors related to the operators of the Qilin ransomware, which have been identified as recently as October 2025.

    Emulating the Destructive Sandworm Adversary

    November 14, 2025
    AttackIQ has released a new assessment template designed to emulate the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with a recent intrusion targeting Ukrainian organizations that aligns with patterns previously associated with Sandworm. While attribution remains unconfirmed, this assessment helps defenders improve their security posture against similarly sophisticated and persistent threats.

    Emulating the Espionage-Oriented Group SideWinder

    November 13, 2025
    AttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of Microsoft Office vulnerabilities, and the deployment of StealerBot, a memory-resident backdoor.

    Ransom Tales: Volume V — Throwback Edition! Emulating REvil, DarkSide, and BlackMatter Ransomware

    November 6, 2025
    AttackIQ presents the fifth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ revisits historical ransomware operations with the introduction of three new attack graphs that emulate the operational behaviors exhibited by the REvil, DarkSide, and BlackMatter ransomware families.

    Keeping Up with Cloud Security: Updates to Our AWS Assessments

    October 23, 2025
    AttackIQ has enhanced and expanded two AWS security assessments by introducing nine new scenarios that emulate real-world tactics and techniques that threat actors could use to compromise AWS cloud environments. These updates are designed to provide a more comprehensive evaluation of your AWS cloud security posture by covering a broader range of attack vectors and misconfigurations.

    Emulating the Prominent Global Group Ransomware

    October 16, 2025
    AttackIQ has released a new attack graph that emulates the behaviors exhibited by Global Group ransomware, a threat that first appeared in June 2025 and quickly became notorious across the security landscape. The group has primarily targeted high-impact sectors such as healthcare, manufacturing, and professional services, where operational downtime can cause severe disruption.

    Emulating the Versatile Qilin Ransomware

    October 2, 2025
    AttackIQ has released a new attack graph that emulates the behaviors exhibited by Qilin ransomware, a threat that first appeared in July 2022 and remains one of the most active families today. Qilin primarily targets the healthcare, government, education, manufacturing, and finance sectors, and has evolved to operate across multiple platforms, including Windows, Linux, and ESXi.

    Ransom Tales: Volume IV – Emulating Rhysida, Charon and Dire Wolf Ransomware

    September 25, 2025
    AttackIQ presents the fourth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Rhysida, Charon, and Dire Wolf ransomware families.

    The Evolution of RomCom: From Backdoor to Cyberwar

    September 23, 2025
    AttackIQ research exposes RomCom’s espionage-to-ransomware convergence and provides 7 emulations to harden detection and response.

    Ransom Tales: Volume III – Emulating INC, Lynx and SafePay Ransomware

    August 28, 2025
    AttackIQ presents the third volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the INC, Lynx and SafePay ransomware families.

    Emulating the Expedited Warlock Ransomware

    August 27, 2025
    AttackIQ has released a new attack graph that emulates the behaviors exhibited by Warlock ransomware, which emerged in June 2025. Beginning in July, Warlock operators have primarily targeted internet-exposed, unpatched on-premises Microsoft SharePoint servers, exploiting a set of recently disclosed zero-day vulnerabilities, specifically CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771, collectively referred to as the “ToolShell” exploit chain.

    Ransom Tales: Volume II – Emulating Gunra, Anubis and DevMan Ransomware

    July 29, 2025
    AttackIQ presents the second volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Gunra, Anubis and DevMan ransomware families.

    Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware

    July 22, 2025
    AttackIQ introduces Ransom Tales, an initiative designed to emulate the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the BlackLock, Embargo and Mamona ransomware families.

    Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation

    June 23, 2025
    Amid rising tensions after Israeli and U.S. strikes on Iranian nuclear sites, experts warn of increased Iranian cyber retaliation. With limited conventional options, Iran is expected to rely on cyberattacks against U.S. infrastructure and defense sectors. DHS has issued alerts on threats from state-backed hackers and proxies. AttackIQ continues to help organizations test and strengthen their defenses.

    Emulating the Unyielding Scattered Spider

    May 29, 2025
    AttackIQ has released a new assessment template that contains a curated list of Tools and Malware samples associated with Scattered Spider to help defenders improve their security posture against this sophisticated and persistent threat.

    Emulating the Blazing DragonForce Ransomware

    May 23, 2025
    AttackIQ has released two new attack graphs that emulate the behaviors exhibited by DragonForce ransomware since its emergence in August 2023. Initially based entirely on the leaked LockBit 3.0 (Black) builder, it evolved with the introduction of a customized variant derived from the Conti V3 codebase. DragonForce operators may be behind the recent cyber attacks that involved Marks & Spencer, Co-Op, and Harrods.

    Emulating the Terrorizing VanHelsing Ransomware

    May 15, 2025
    AttackIQ has released a new attack graph emulating the behaviors exhibited by VanHelsing ransomware, a new and rapidly growing ransomware-as-a-service (RaaS) affiliate program that emerged in March 2025. This emulation enables defenders to test and validate their detection and response capabilities against this new threat.

    Emulating the Infestive Termite Ransomware

    May 8, 2025
    AttackIQ has released a new attack graph emulating the behaviors exhibited by Termite ransomware since its emergence in November 2024. Termite is widely believed to be based on Babuk Ransomware, a defunct strain whose source code was leaked in 2021. While Babuk’s influence remains evident, particularly in encryption routines and general behavior, Termite distinguishes itself by aggressively targeting environment-specific vulnerabilities.

    Emulating the Hellish Helldown Ransomware

    April 24, 2025
    AttackIQ has released a new attack graph emulating the behaviors exhibited by Helldown ransomware since its emergence in August 2024. Helldown is operated by the eponymous and still largely undocumented adversary, which employs double extortion tactics by exfiltrating sensitive data prior to encrypting victim systems and threatening to leak the data on its Dedicated Leak Site (DLS).