Living-off-the-Land

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Medusa ransomware since the beginning of its activities in June 2021. Medusa is predominantly propagated through the exploitation of vulnerable services, such as public-facing assets or applications with known unpatched vulnerabilities, and the hijacking of legitimate accounts, often using Initial Access Brokers (IABs) for infiltration.

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Prestige ransomware since the beginning of its activities in October 2022. Prestige has been observed targeting organizations in the transportation and related logistics sectors located in Ukraine and Poland. In November 2022, it was assessed that the Russian adversary known as Sandworm was most likely behind these attacks.

QakBot, also recognized as Qbot, Quackbot, Pinkslipbot, and TA570, has etched its name among other cyber threats, leaving a trail of thousands of malware infections globally. Dive in as we explore QakBot’s genesis, its evolution, some specific tactics used and how you can test your defenses against them with AttackIQ Flex.