APT29 Assessment Allows Enterprises to Measure How Their Security Controls Stack Up Against the Known Tactics, Techniques and Procedures of the Dangerous Threat Group
SANTA CLARA, Calif., — AttackIQⓇ, the leading independent vendor of breach and attack simulation solutions, has released an emulation plan for enterprises to test the effectiveness of their security controls against a cyberattack from APT29 threat actors. The AttackIQ plan is derived from MITRE ATT&CK-based tactics, techniques, and procedures (TTPs), and safely emulates the dangerous threat actors’ methods to help organizations build cyber resilience against a real-world cyberattack.
The emulation plan is timed with the release of the MITRE ATT&CK EVALs APT29 results. AttackIQ worked with several of the EDR vendors prior to the phase 2 EVALs assessment, helping vendor product teams to increase overall prevention and detection scores by double-digit margins.
Advanced Persistent Threat (APT) 29, also known as CozyBear or The Dukes (among other names), is a technically skilled group linked to the Russian government. The group’s primary targets are governments and related entities like political organizations, government subcontractors, and think-tanks across the United States and Europe. This state-sponsored group made headlines in 2016 when they hacked the Democratic National Committee systems ahead of the U.S. presidential election and again when they compromised three European ministries of foreign affairs in 2019. Their intent is to interfere in elections, disrupt critical infrastructure to sow fear, uncertainty, and doubt, and undercut popular trust in democratic processes and institutions.
AttackIQ’s new emulation plan mirrors the behavior of APT29 and covers the entire post-exploitation attack chain, from the first stage of a machine compromise to the later stages of communication with a command-and-control (C&C) server and the exfiltration of sensitive information. In total, this emulation plan contains 45 scenarios covering 56 MITRE ATT&CK techniques, and provides the broadest and most comprehensive coverage of APT29 aligned attack methods.
“This emulation plan allows security leaders to authoritatively and quantitatively confirm their defensive readiness for an APT29 based cyberattack,” says Chris Kennedy, CISO & VP, Customer Success of AttackIQ. “Adopting threat informed defense is the next evolution in program security strategies. By emulating real attacker behavior, AttackIQ’s automated platform can help organizations create and drive a continuous and informed feedback loop around the appropriateness and efficacy of their security investments.”
The AttackIQ platform offers a unique capability in which the tester can configure custom parameters around user privilege, technique variables, and order processes. The APT29 emulation plan uses nine patterns and includes all of the relevant techniques in the MITRE ATT&CK kill chain. Together, the emulation plan and the platform provide users with a sophisticated and comprehensive way to emulate APT29 behavior, in a simple pre-defined template, executed through an easy to use WebUI or via API.
Executing the APT29 emulation plan with the AttackIQ platform produces real time, in-depth reports on enterprise protection successes and failures, and offers clear strategies for prioritization and remediation. When used over time and across an enterprise, AttackIQ’s platform sets clear benchmarks for measuring an organization’s overall cyber readiness. It is setting the gold standard for measuring security effectiveness.
AttackIQ, a leader in the emerging market of breach and attack simulation, built the industry’s first platform that enables red and blue teams to test and measure the effectiveness of their security controls and staff. With an open platform, AttackIQ supports the MITRE ATT&CK framework, a curated knowledge base and model for cyber adversary behavior used for planning security improvements and verifying defenses work as expected. AttackIQ’s platform is trusted by leading companies around the world. For more information visit https://attackiq.com/. Follow AttackIQ on Twitter, Facebook, LinkedIn, Vimeo, and YouTube.