Broad-Based Attacks

AttackIQ has released a new assessment template in response to the recently published CISA Advisory (AA23-325A) that disseminates Indicators of Compromise (IOCs), Tactics, Techniques and Procedures (TTPs), and detection methods associated with LockBit 3.0. This assessment template is based on an incident in which LockBit affiliates were observed exploiting CVE-2023-4966 to gain access to Boeing infrastructure.

AttackIQ has released a new assessment template in response to the recently published CISA Advisory (AA23-320A) that disseminates known Scattered Spider’s Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs) identified through FBI investigations as recent as November 2023.

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-284A) that disseminates known Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with AvosLocker ransomware identified through FBI investigations as recent as May 2023. AvosLocker is known for conducting activities against organizations across multiple critical infrastructure sectors using legitimate software and open-source remote system administration tools.

AttackIQ has released three new attack graphs that aim to emulate the recent activities involving the commodity JavaScript-based downloader known as GootLoader.

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-187A) that seeks to emulate the activities carried out by the financially motivated and highly sophisticated criminal adversary known as TA505.

AttackIQ has released a new attack graph and two network security validation scenarios in response to the recently published CISA Advisory (AA23-158A) detailing the CL0P Ransomware Gang. This actor also known as TA505, is a financially motivated and highly sophisticated criminal adversary considered to be a major player in the e-crime scene that has left a significant impact on the global cybersecurity landscape.

On May 11, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) detailing ongoing exploitation of a vulnerability in PaperCut MF and NG by cyber criminals. AttackIQ has released four new scenarios that emulates the exploitation of CVE-2023-27350 to help customers validate their security controls and their ability to defend against this widely exploited vulnerability.

AttackIQ has released two new attack graphs emulating recent Emotet campaigns that resulted in data exfiltration and ransomware extortion. This release continues our focused research on shared e-crime malware used in attacks by multiple threat actors.

AttackIQ has released two attack graphs that emulate the shared cybercrime malware loader known as BumbleBee. This release is a continuation of our cybercrime malware emulation initiative detailing how customers can protect themselves against a wide range of actors who share tooling.