Russia

AttackIQ has released a new assessment template that emulates the various Post-Compromise Tactics, Techniques, and Procedures (TTPs) associated with the politically motivated Russian adversary Sandworm.

AttackIQ recommends that customers take the following testing actions in alignment to the recently published CISA Advisory (AA24-057A) which details recent Tactics, Techniques, and Procedures (TTPs) exhibited by the Russian Foreign Intelligence Service (SVR) adversary known as APT29 during activities in which it sought to gain initial access to the cloud infrastructure of government entities and corporations.

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-347A) which assesses that cyber actors from the Russian Foreign Intelligence Service (SVR) have been observed targeting servers hosting JetBrains TeamCity software by exploiting vulnerability CVE-2023-42793 on a large scale, since September 2023.

The implications of not conducting security control testing are profound. Adversaries are relentless and will exploit vulnerabilities if given the chance. The potential impact includes data breaches, financial losses, damage to reputation, and regulatory penalties.

AttackIQ has released two new attack graphs in response to the recently published CISA Advisory (AA23-129A) that details the efforts taken by U.S. agencies to disrupt the peer-to-peer network infrastructure used by the Russian threat actor Turla and their Snake malware. Turla is the public name given to actors associated with cyberattacks conducted by Center 16 of Russia’s Federal Security Service (FSB).

AttackIQ has released a new attack graph that emulates recent activities conducted by the adversary known as Nobelium against European Union (EU) governments. These attacks continue Russia's efforts to gather intelligence on countries supporting Ukraine in the ongoing Russia-Ukraine war.

OpenAI's ChatGPT can tell you exactly how to use BAS to improve your cyberdefense effectiveness. But it won't help you with the Russian military specifically, and that's a very good thing. See below for why OpenAI deserves credit for this algorithmic limit.

AttackIQ has released a new scenario and assessment in response to US-CERT Alert AA22-152A, Karakurt Data Extortion Group 

AttackIQ has released a new attack graph for organizations to test and validate their cyberdefense effectiveness against the HAVEX strain of malware. This attack graph follows a pair of Department of Justice indictments of Russia-based threat actors and a new joint FBI-CISA Cybersecurity Advisory about HAVEX released last week. An enduring and dangerous threat, HAVEX targeted the energy and power sectors in 135 countries from 2012-2018, and the tactics and techniques within it continue to threaten organizations today.

Following an up-tick in the activity of Russia-based cyberthreat actors, this blog discusses the practical steps you can take to validate your network security controls against known Russian tactics, techniques, and procedures to improve your security readiness. It walks readers through Russia-specific emulations included in the AttackIQ Network Control Validation module.

AttackIQ has released a new attack graph to emulate Russia-based threat actors as they exploit multi-factor authentication protocols to disable MFA. This blog describes the scenarios we have included in the new attack graph to emulate the adversary and then, to inform a purple team construct for cyberdefense operations, it provides detection and mitigation recommendations that you can use to improve your security program effectiveness. Read on for more.

In anticipation of escalating cyberattacks by the Russian government against U.S. and allied interests, AttackIQ has developed a new attack graph to help organizations test and validate their cyberdefenses against known Russian adversarial tactics, techniques, and procedures (TTPs).