Beneath the Shadows: DarkGate
Madison Steel | AttackIQ Flex, AutoIT, DanaBot, DarkGate, Malware, Malware-as-a-Service (MaaS), powershell
Join us as we uncover DarkGate, a malevolent force that strikes fear into the hearts of organizations worldwide. DarkGate has morphed into a sophisticated adversary, utilizing Drive-by Downloads and DanaBot deployment to ...
Response to ScreenConnect’s Recent Zero-day Vulnerability Exploitation
Francis Guibernau | adversary emulation, Broad-Based Attacks, ConnectWise, Exploit, Ransomware, ScreenConnect, SlashAndGrab, zero-day
AttackIQ has released a new assessment template in response to the recent wave of zero-day vulnerability exploits affecting ConnectWise’s ScreenConnect software. This assessment template comprises the various Tactics, Techniques, and Procedures (TTPs) ...
Response to the Revised CISA Advisory (AA23-353A): #StopRansomware: ALPHV BlackCat
Francis Guibernau | #StopRansomware, adversary emulation, ALPHV, Blackcat, Broad-Based Attacks, CISA Alert
AttackIQ has released an update to the BlackCat ransomware emulation in response to the recent revision of the CISA Advisory (AA23-353A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures ...
Emulating the Sabotage-Focused Russian Adversary Sandworm
Francis Guibernau | adversary emulation, Energy, government, Media, Media & Entertainment, Resources & Utilities, Russia, Sandworm
AttackIQ has released a new assessment template that emulates the various Post-Compromise Tactics, Techniques, and Procedures (TTPs) associated with the politically motivated Russian adversary Sandworm. The post Emulating the Sabotage-Focused Russian Adversary ...
Response to CISA Advisory (AA24-060B): Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
In response to the recently published CISA Advisory (AA24-060B) that disseminates observed threat actor activities, Indicators of Compromise (IOCs), and mitigations associated with ongoing incident response activities in connection with the recent ...
Response to CISA Advisory (AA24-060A): #StopRansomware: Phobos Ransomware
Francis Guibernau | #StopRansomware, adversary emulation, CISA Alert, Phobos, Ransomware, ransomware as a service
AttackIQ has released a new assessment template in response to the recently published CISA Advisory (AA24-060A) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the ...
Response to CISA Advisory (AA24-057A): SVR Cyber Actors Adapt Tactics for Initial Cloud Access
AttackIQ recommends that customers take the following testing actions in alignment to the recently published CISA Advisory (AA24-057A) which details recent Tactics, Techniques, and Procedures (TTPs) exhibited by the Russian Foreign Intelligence ...
Response to an Unknown Threat Actor Who Leveraged a Compromised Account to Access State Government Organization
Andrew Costis | AdFind, CISA Alert, Cybersecurity Advisory, Domain Account, Domain Trust Discovery, ldap, Remote System Discovery
In response to the recently published CISA Advisory (AA24-046A) that disseminates Tactics, Techniques, Procedures (TTPs) and mitigations associated with a recent incident response assessment of a state government organization’s network, AttackIQ recommends ...
Emulating the Ever-Evolving Loader DarkGate
Francis Guibernau | adversary emulation, Borland Delphi, Commodity Loader, cybercrime, DarkGate, Hidden Virtual Network Computing (HVNC), Malware, Malware-as-a-Service (MaaS)
AttackIQ has released three new attack graphs that seek to emulate the Tactics, Techniques and Procedures (TTPs) associated with and exhibited by the infamous loader known as DarkGate during its activities in ...
Response to CISA Advisory (AA24-038A): PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Francis Guibernau | adversary emulation, china, CISA Alert, Energy, Resources & Utilities, telecommunications, transportation
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA24-038A) which assesses that the People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position ...