Defenseless Defenders: Exploring Endpoint Detection and Response (EDR) Inhibitors
Learn how adversaries are shifting from evasion to systematically dismantling endpoint defenses to eliminate visibility, enforcement, and response. Explore how modern EDR inhibition techniques abuse legitimate system features and vulnerable drivers to quietly degrade protections with minimal detection. Understand why this once-advanced tradecraft is now standard practice—and how it creates ...
Emulating the Mutative BlackByte Ransomware
AttackIQ has released a new attack graph that emulates the behaviors exhibited by BlackByte ransomware, a strain operated under the Ransomware-as-a-Service (RaaS) model that emerged in July 2021. Since its emergence, BlackByte has targeted organizations worldwide, including entities within U.S. critical infrastructure sectors such as Government, Financial Services, Manufacturing, and ...
Emulating the Elegant BlackSuit Ransomware
AttackIQ has released a new attack graph that emulates the behaviors exhibited by BlackSuit ransomware, a ransomware strain that has been active since at least May 2023. It represents the evolution of the ransomware previously identified as Royal ransomware, which was active from approximately September 2022 through June 2023. The ...
React2Shell (CVE-2025-55182): Critical Remote Code Execution (RCE) in React Server Components
AttackIQ released a new assessment template that compiles the Tactics, Techniques, and Procedures (TTPs) associated with the exploitation of the critical CVE-2025-55182 (React2Shell) Remote Code Execution (RCE) vulnerability affecting React Server Components.
Ransom Tales: Volume VI — Throwback Edition! Emulating Ryuk, Conti, and BlackCat Ransomware
On July 22, 2025, AttackIQ introduced Ransom Tales, an initiative focused on routinely emulating the Tactics, Techniques, and Procedures (TTPs) associated with the prolific ransomware families currently dominating the threat landscape. Each volume in this series is designed to dissect the operational behaviors of multiple ransomware families and translate them ...
Response to CISA Advisory (AA25-343A): Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
AttackIQ has issued recommendations in response to the Cybersecurity Advisory (CSA) released by the Cybersecurity and Infrastructure Security Agency (CISA) on December 9, 2025, which details the ongoing targeting of critical infrastructure by pro-Russia hacktivists.
Revisiting the Versatile Qilin Ransomware
AttackIQ has released an updated attack graph in response to emerging threat intelligence associated with the deployment of Qilin ransomware, a ransomware strain that first appeared in July 2022 and remains one of the most active ransomware families today. This update includes new behaviors related to the operators of the ...
Updated Response to CISA Advisory (AA24-109A): #StopRansomware: Akira Ransomware
AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA24-109A), which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Akira ransomware group, identified through FBI investigations as recently as November 2025.
Ransom Tales: Volume V — Throwback Edition! Emulating REvil, DarkSide, and BlackMatter Ransomware
AttackIQ presents the fifth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ ...
The Evolution of RomCom: From Backdoor to Cyberwar
AttackIQ research exposes RomCom’s espionage-to-ransomware convergence and provides 7 emulations to harden detection and response.