Ransom Tales: Volume II – Emulating Gunra, Anubis and DevMan Ransomware

AttackIQ presents the second volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Gunra, Anubis and DevMan ransomware families.

Author: Francis Guibernau Read More
[CISA AA25-203A] #StopRansomware: Interlock
Adversary Emulation

[CISA AA25-203A] #StopRansomware: Interlock

AttackIQ has released two new attack graphs in response to the CISA Advisory (AA25-203A) published on July 22, 2025, which disseminates known Interlock ransomware Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) identified through FBI investigations as recently as June 2025.
Read More
Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware
Adversary Emulation

Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware

AttackIQ introduces Ransom Tales, an initiative designed to emulate the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the BlackLock, Embargo and Mamona ransomware families.
Read More
Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation
Iran

Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation

Amid rising tensions after Israeli and U.S. strikes on Iranian nuclear sites, experts warn of increased Iranian cyber retaliation. With limited conventional options, Iran is expected to rely on cyberattacks against U.S. infrastructure and defense sectors. DHS has issued alerts on threats from state-backed hackers and proxies. AttackIQ continues to help organizations test and strengthen their defenses.
Read More

Most Recent

Democratizing the Practice of Adversary Emulation
Adversary Emulation

Democratizing the Practice of Adversary Emulation
AttackIQ is democratiziing the practice of threat-informed defense and adversary emulation, including by funding research from the Center for Threat-Informed Defense on micro-emulation planning. Learn more out how we put adversary emulation into practice in the AttackIQ Security Optimization Platform.
Read More
Emulating the Financially Motivated North Korean Adversary BlueNoroff
Adversary Emulation

Emulating the Financially Motivated North Korean Adversary BlueNoroff
AttackIQ has released a bundle of content including four new attack graphs that seek to emulate two types of attacks conducted by the North Korean adversary BlueNoroff. The newly released graphs emulate the behaviors used in the attacks against the Society for Worldwide Interbank Financial Telecommunication (SWIFT) software and organizations involved in cryptocurrency.
Read More
Attack Graph Response to US-CERT Alert (AA22-335A): #StopRansomware: Cuba Ransomware
US-CERT Alert Response

Attack Graph Response to US-CERT Alert (AA22-335A): #StopRansomware: Cuba Ransomware
AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) associated to attacks involving Cuba ransomware.This release is a follow-up to an FBI FLASH alert published in December 2021 that first detailed the initial attacks against 49 entities in critical infrastructure sectors. The Cuba ransomware actors have since doubled the number of U.S. victims and compromised over 100 entities worldwide.
Read More