Emulating the Gentlemen Ransomware
AttackIQ has released two new assessments that emulate the behaviors of The Gentlemen ransomware, a cross-platform threat that emerged around July 2025. The group employs a double-extortion model, combining file encryption with data exfiltration and leveraging a dedicated leak site to pressure victims into payment.
Emulating the Persuasive NightSpire Ransomware
AttackIQ has released a new attack graph that emulates the behaviors of NightSpire Ransomware, a financially motivated ransomware and data extortion group that emerged in early 2025 and quickly evolved into a full double-extortion operation.
Emulating the Multi-Stage RoningLoader Malware
AttackIQ has released a new assessment template that emulates the behaviors of RoningLoader, a multi-stage loader observed in recent intrusion campaigns. RoningLoader operates through a layered execution chain, enabling stealthy delivery and execution of follow-on payloads while evading traditional detection mechanisms.
Emulating the Concealed Sinobi Ransomware
AttackIQ has released a new attack graph that emulates the behaviors of Sinobi ransomware, a ransomware strain that has been active since mid-2025. Sinobi is suspected to be a rebrand of Lynx, a Ransomware-as-a-Service (RaaS) group that first emerged in 2024.
Emulating the Systematic LokiLocker Ransomware
AttackIQ has released a new attack graph that emulates the behaviors of LokiLocker ransomware, a .NET-based strain active since at least mid-August 2021. The malware combines defense evasion and impact techniques, including disabling Task Manager and Windows Firewall, as well as deleting Volume Shadow Copies to hinder detection and ...
Emulating the Elusive Cephalus Ransomware
AttackIQ has released a new attack graph that emulates the behaviors of Cephalus ransomware, a Go-based strain active since June 2025 that combines defense-evasion and anti-analysis techniques, such as secure memory handling and tampering with Windows Defender, to enable stealthy targeted operations prior to encryption and extortion.
Emulating the Destructive Sandworm Adversary
AttackIQ has released a new assessment template designed to emulate the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with a recent intrusion targeting Ukrainian organizations that aligns with patterns previously associated with Sandworm. While attribution remains unconfirmed, this assessment helps defenders improve their security posture against similarly sophisticated and ...
Emulating the Espionage-Oriented Group SideWinder
AttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of ...
Emulating the Prominent Global Group Ransomware
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Global Group ransomware, a threat that first appeared in June 2025 and quickly became notorious across the security landscape. The group has primarily targeted high-impact sectors such as healthcare, manufacturing, and professional services, where operational downtime can ...
Response to Oracle Security Alert Advisory: Oracle E-Business Suite Pre-Auth RCE (CVE-2025-61882)
AttackIQ has released a new emulation in response to the Oracle Security Alert Advisory detailing the CVE-2025-61882 vulnerability, which impacts Oracle E-Business Suite versions 12.2.3 through 12.2.14.

