Adversary Emulation

Attack Graph Response to US-CERT AA22-083A: Historical Russia-based Actors Targeting the Energy Sector 

AttackIQ has released a new attack graph for organizations to test and validate their cyberdefense effectiveness against the HAVEX strain of malware. This attack graph follows a pair of Department of Justice indictments of Russia-based threat actors and a new joint FBI-CISA Cybersecurity Advisory about HAVEX released last week. An enduring and dangerous threat, HAVEX targeted the energy and power sectors in 135 countries from 2012-2018, and the tactics and techniques within it continue to threaten organizations today.

Testing Network Security Controls against Russian Malware 

Following an up-tick in the activity of Russia-based cyberthreat actors, this blog discusses the practical steps you can take to validate your network security controls against known Russian tactics, techniques, and procedures to improve your security readiness. It walks readers through Russia-specific emulations included in the AttackIQ Network Control Validation module.

Attack Graph Response to US CERT AA22-074A: Russia-based actors disabling multi-factor authentication (MFA)  

AttackIQ has released a new attack graph to emulate Russia-based threat actors as they exploit multi-factor authentication protocols to disable MFA. This blog describes the scenarios we have included in the new attack graph to emulate the adversary and then, to inform a purple team construct for cyberdefense operations, it provides detection and mitigation recommendations that you can use to improve your security program effectiveness. Read on for more.

Testing with Realism: Attack Flows and AttackIQ Attack Graphs  

AttackIQ and the Center for Threat-Informed Defense are furthering the art of adversary emulation with the Center's new Attack Flow project. Building on our deep research partnership with the Center, AttackIQ's Attack Graphs emulate the adversary with specificity and realism to test advanced cyberdefense technologies against multi-stage attacks. Read on for more.

Preparing for Known Russia-based Cyberthreats Using MITRE ATT&CK and AttackIQ

To prepare for a potential cyberattack from Russia-based actors, you can begin by testing your security controls against known adversary tactics. The vast majority of cyberattacks use tactics and techniques that have been employed in the past. This blog walks you through key known tactics and techniques, and highlights scenarios in the AttackIQ Security Optimization Platform that you can use today to test your defenses and improve your cybersecurity readiness.