Ransom Tales: Volume II – Emulating Gunra, Anubis and DevMan Ransomware

AttackIQ presents the second volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Gunra, Anubis and DevMan ransomware families.

Author: Francis Guibernau Read More
[CISA AA25-203A] #StopRansomware: Interlock
Adversary Emulation

[CISA AA25-203A] #StopRansomware: Interlock

AttackIQ has released two new attack graphs in response to the CISA Advisory (AA25-203A) published on July 22, 2025, which disseminates known Interlock ransomware Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) identified through FBI investigations as recently as June 2025.
Read More
Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware
Adversary Emulation

Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware

AttackIQ introduces Ransom Tales, an initiative designed to emulate the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the BlackLock, Embargo and Mamona ransomware families.
Read More
Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation
Iran

Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation

Amid rising tensions after Israeli and U.S. strikes on Iranian nuclear sites, experts warn of increased Iranian cyber retaliation. With limited conventional options, Iran is expected to rely on cyberattacks against U.S. infrastructure and defense sectors. DHS has issued alerts on threats from state-backed hackers and proxies. AttackIQ continues to help organizations test and strengthen their defenses.
Read More

Most Recent

A View of PrintNightmare Through the Lens of Prioritization
Vulnerability Research

A View of PrintNightmare Through the Lens of Prioritization
Now that the dust has settled around CVE-2021-34527, also known as PrintNightmare, we thought we’d use it as an example of how DeepSurface can reprioritize even the highest priority vulnerabilities, saving you and your patch team hours of effort.  For this blog post, you don’t need to know anything about PrintNightmare other than it was nearly ubiquitous, there are dozens of exploits in the wild, and that it’s fairly easy to remediate.
Read More
10 Things You May Not Know About Purple Teaming 
Cybersecurity

10 Things You May Not Know About Purple Teaming 
We’re familiar with red teaming and blue teaming, but have you heard about purple teaming? This blog dives into facts you may not be aware of around this new team construct meant to foster collaboration between red and blue teams for a stronger cybersecurity practice.
Read More
What To Do in the Case of Brand Reputation Impersonation
Cyberattack

What To Do in the Case of Brand Reputation Impersonation
Recently, AttackIQ was notified that an Iranian threat actor had created a fake domain and fraudulent website (attackiq[.]ir) impersonating AttackIQ and abusing the company brand. This blog is an account of what happened and how AttackIQ responded, and it aims to provide insights to help organizations prepare to deal with similar Brand Reputation Abuse situations.
Read More
DeepSurface Security Advisory: LPE in Firefox on Windows
Vulnerability Research

DeepSurface Security Advisory: LPE in Firefox on Windows
Firefox is vulnerable to local privilege escalation (LPE) attacks under certain conditions on Windows platforms. This would allow an attacker to perform a local privilege escalation attack against Firefox users using the same Windows system. Through our responsible disclosure program Mozilla was contacted, and full technical details were provided, but has ultimately chosen not to fix this vulnerability.
Read More