Adversary Emulation

AttackIQ has released a new attack graph emulating the behaviors exhibited by Helldown ransomware since its emergence in August 2024. Helldown is operated by the eponymous and still largely undocumented adversary, which employs double extortion tactics by exfiltrating sensitive data prior to encrypting victim systems and threatening to leak the data on its Dedicated Leak Site (DLS)

AttackIQ has released three new attack graphs designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with StrelaStealer observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities.

AttackIQ has released a new attack graph designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with CatB ransomware observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities.

AttackIQ recommends that customers take the following testing actions in alignment with the recently published CISA Advisory (AA25-093A) which highlights the ongoing and evolving threat of fast flux techniques. These techniques are increasingly being adopted by a growing number of adversaries, making it critical for organizations to take proactive steps in mitigating this persistent threat.

AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Russian adversary Seashell Blizzard.

AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Chinese adversary Salt Typhoon.

AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-071A) published on March 12, 2025, which details new behaviors exhibited by Medusa Ransomware.

AttackIQ has released a new attack graph emulating the behaviors exhibited by RansomHub ransomware since its emergence in February 2024. This sophisticated ransomware employs double extortion techniques and shares notable similarities with Knight ransomware.

AttackIQ has released a new attack graph emulating the behaviors exhibited by Akira ransomware since its emergence in March 2023. Akira operators provide victims the option to pay for either file decryption or data deletion rather than being forced to pay for both. Reported ransom demands range from 200,000 USD to over 4 million USD.

AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the long-standing, financially motivated Russian criminal adversary known as FIN7 based on activities observed between 2022 and 2023.

AttackIQ has released a new attack graph emulating the behaviors exhibited by Hunters International ransomware since its discovery in October 2023. Technical analysis suggests a realistic possibility that Hunters International may have been deployed by actors linked to the disrupted Hive operation. However, while it bears significant similarities, Hunters International is not a direct rebrand.

AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-136A) that disseminates known BianLian ransomware group Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) identified through the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) investigations.