Preparing for Russian State-Sponsored Cyberthreats

Vladimir Putin’s war in Ukraine and the aggression of the Russian regime present a top-tier threat to international security, including from potential cyberattacks of significant consequence. To prepare for a potential cyberattack from Russia-based actors, it is critical to validate your security controls against known adversary tactics. The vast majority of cyberattacks use tactics and techniques that have been employed in the past. Learn about common Russian-based TTPs and how to continuously test your security program using scenarios aligned to the MITRE ATT&CK framework. Bookmark this page for the latest insights and resources from AttackIQ specialists on how to best improve your security readiness.

Articles from AttackIQ Authors

Attack Graph Response to UNC1151 Continued Targeting
of Ukraine

There has been a substantial increase in cyberattacks against Ukrainian targets by groups closely aligned with Russian state interests.  Uncover new attacks from a threat actor likely operating out of Belarus known as UNC1151 or Ghostwriter.

Read the Blog
Attack Graph Response to US-CERT AA22-083A

AttackIQ has released a new attack graph for organizations to test and validate their cyberdefense effectiveness against the HAVEX strain of malware.
Testing Network Security Controls against Russian Malware

Following an up-tick in the activity of Russia-based cyberthreat actors, this blog discusses the practical steps you can take to validate your network security controls against known Russian tactics, techniques, and procedures to improve your security readiness.
Attack Graph Response to US-CERT AA22-011A & AA22-047A

In anticipation of escalating cyberattacks by the Russian government against U.S. and allied interests, AttackIQ has developed a new attack graph to help organizations test and validate their cyberdefenses against known Russian adversarial tactics, techniques, and procedures (TTPs).
Ukraine and Russia flags
Using MITRE ATT&CK and AttackIQ to Prepare for Known Russia-based Cyberthreats

This blog walks you through key known tactics and techniques, and highlights scenarios in the AttackIQ Security Optimization Platform that you can use today to test your defenses and improve your cybersecurity readiness.
Attack Graph Response to US CERT AA22-074A: Russia-based actors disabling multi-factor authentication (MFA)

AttackIQ has released a new attack graph to emulate Russia-based threat actors as they exploit multi-factor authentication protocols to disable MFA.

"History is happening in front of us. At AttackIQ, the purpose of our company is to build assessments and adversary emulations to help security programs prepare for known threats."

Jonathan Reiber, Senior Director for Cybersecurity Strategy and Policy, AttackIQ
From Think Bad, Do Good: Episode 12

Listen to the Full Episode Now

Additional Resources

United States Flag
The U.S. Government Needs to Overhaul Cybersecurity
Countering Ransomware with MITRE ATT&CK 101
Countering Ransomware with MITRE ATT&CK® 101 Guide
validated zero trust 101
Validated Zero Trust 101 Guide