Russia

AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-141A) published on May 21, 2025. The CSA highlights a cyber espionage-oriented campaign carried out by cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (Unit 26165), targeting Western logistics entities and technology companies.

AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Russian adversary Seashell Blizzard.

AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the long-standing, financially motivated Russian criminal adversary known as FIN7 based on activities observed between 2022 and 2023.

AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the long-standing, financially motivated criminal adversary known as FIN7 during its most recent activities in 2024.

AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-249A) published on September 5, 2024, that assesses cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155), who are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020.

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Prestige ransomware since the beginning of its activities in October 2022. Prestige has been observed targeting organizations in the transportation and related logistics sectors located in Ukraine and Poland. In November 2022, it was assessed that the Russian adversary known as Sandworm was most likely behind these attacks.

AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the highly sophisticated Russian adversary Sandworm during various destructive activities against targets in Ukraine and other countries in the region shortly before the launch of the Russian invasion on February 24, 2022.

AttackIQ has released a new assessment template that emulates the various Post-Compromise Tactics, Techniques, and Procedures (TTPs) associated with the politically motivated Russian adversary Sandworm.

AttackIQ recommends that customers take the following testing actions in alignment to the recently published CISA Advisory (AA24-057A) which details recent Tactics, Techniques, and Procedures (TTPs) exhibited by the Russian Foreign Intelligence Service (SVR) adversary known as APT29 during activities in which it sought to gain initial access to the cloud infrastructure of government entities and corporations.

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-347A) which assesses that cyber actors from the Russian Foreign Intelligence Service (SVR) have been observed targeting servers hosting JetBrains TeamCity software by exploiting vulnerability CVE-2023-42793 on a large scale, since September 2023.

The implications of not conducting security control testing are profound. Adversaries are relentless and will exploit vulnerabilities if given the chance. The potential impact includes data breaches, financial losses, damage to reputation, and regulatory penalties.

AttackIQ has released two new attack graphs in response to the recently published CISA Advisory (AA23-129A) that details the efforts taken by U.S. agencies to disrupt the peer-to-peer network infrastructure used by the Russian threat actor Turla and their Snake malware. Turla is the public name given to actors associated with cyberattacks conducted by Center 16 of Russia’s Federal Security Service (FSB).