AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the long-standing, financially motivated criminal adversary known as FIN7 during its most recent activities in 2024. The post Emulating the Financially Motivated Criminal Adversary FIN7 – Part 1 appeared first on AttackIQ ... Read More

In response to the recently published CISA Advisory (AA24-317A) that disseminates the top routinely exploited vulnerabilities from 2023, AttackIQ has proposed a multitude of recommendations that customers can take to emulate these prevalent vulnerabilities. The post Response to CISA Advisory (AA24-317A): 2023 Top Routinely Exploited Vulnerabilities appeared first on AttackIQ ... Read More

AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-290A), published on October 16, 2024. The advisory highlights that since October 2023, Iranian cyber actors have used password spraying and multifactor authentication (MFA) ‘push bombing’ to compromise user accounts and gain access to organizations across various ... Read More

AttackIQ has released a new assessment template that addresses the numerous post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the subscription-based information stealer known as Lumma Stealer. The post Emulating the Opportunistic and Lightweight Lumma Stealer appeared first on AttackIQ ... Read More

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Medusa ransomware since the beginning of its activities in June 2021. Medusa is predominantly propagated through the exploitation of vulnerable services, such as public-facing assets or applications with known unpatched vulnerabilities, and the hijacking of legitimate accounts, ... Read More

AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-249A) published on September 5, 2024, that assesses cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155), who are responsible for computer network operations against global targets for ... Read More

AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-207A) published on August 29, 2024, that disseminates known RansomHub ransomware IOCs and TTPs that have been identified through FBI threat response activities and third-party reporting as recently as August 2024. The post Response to CISA Advisory ... Read More

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Mallox ransomware since the beginning of its activities in June 2021. Mallox primarily gains access to victim networks through dictionary brute-force attacks against unsecured MS-SQL servers. The post Emulating the Extortionist Mallox Ransomware appeared first on AttackIQ ... Read More

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Prestige ransomware since the beginning of its activities in October 2022. Prestige has been observed targeting organizations in the transportation and related logistics sectors located in Ukraine and Poland. In November 2022, it was assessed that the ... Read More

AttackIQ has released a new attack graph that emulates the behaviors exhibited by the North Korean state-sponsored adversary Andariel during Operation Blacksmith which affected manufacturing, agricultural and physical security companies in multiple regions. The post Emulating the Politically Motivated North Korean Adversary Andariel – Part 2 appeared first on AttackIQ ... Read More