Emulating the Splintered Hunters International Ransomware
AttackIQ has released a new attack graph emulating the behaviors exhibited by Hunters International ransomware since its discovery in October 2023. Technical analysis suggests a realistic possibility that Hunters International may have been deployed by actors linked to the disrupted Hive operation. However, while it bears significant similarities, Hunters International ...
Response to CISA Advisory (AA25-022A): Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-022A) published on January 22, 2025, which details the exploitation of vulnerabilities discovered in Ivanti Cloud Service Appliances during September 2024.
Emulating the Tenacious Ako Ransomware
AttackIQ has released a new attack graph emulating the behaviors exhibited by Ako ransomware since its emergence in January 2020. Contrary to many ransomware strains that focus on individual workstations, Ako targets entire networks, maximizing its impact. It is considered a variant of MedusaLocker due to numerous shared traits, including ...
Emulating the Financially Motivated Criminal Adversary FIN7 – Part 1
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the long-standing, financially motivated criminal adversary known as FIN7 during its most recent activities in 2024.
Response to CISA Advisory (AA24-317A): 2023 Top Routinely Exploited Vulnerabilities
In response to the recently published CISA Advisory (AA24-317A) that disseminates the top routinely exploited vulnerabilities from 2023, AttackIQ has proposed a multitude of recommendations that customers can take to emulate these prevalent vulnerabilities.
Response to CISA Advisory (AA24-290A): Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-290A), published on October 16, 2024. The advisory highlights that since October 2023, Iranian cyber actors have used password spraying and multifactor authentication (MFA) ‘push bombing’ to compromise user accounts and gain access to organizations across various ...
Emulating the Opportunistic and Lightweight Lumma Stealer
AttackIQ has released a new assessment template that addresses the numerous post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the subscription-based information stealer known as Lumma Stealer.
Emulating the Petrifying Medusa Ransomware
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Medusa ransomware since the beginning of its activities in June 2021. Medusa is predominantly propagated through the exploitation of vulnerable services, such as public-facing assets or applications with known unpatched vulnerabilities, and the hijacking of legitimate accounts, ...
Response to CISA Advisory (AA24-249A): Russian Military Cyber Actors Target US and Global Critical Infrastructure
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-249A) published on September 5, 2024, that assesses cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155), who are responsible for computer network operations against global targets for ...