Author: Francis Guibernau
Francis Guibernau is an Adversary Research Engineer and member of the Adversary Research Team (ART) at AttackIQ. Francis conducts in-depth threat research and analysis to design and create highly sophisticated and realistic adversary emulations.
He also coordinates the Cyber Threat Intelligence (CTI) project, which focuses on the research, analysis, tracking and documentation of adversaries, malware families and cybersecurity incidents. Francis has extensive experience in adversary intelligence, encompassing both Nation-State and eCrime threats, as well as in vulnerability assessment and management, having previously worked at Deloitte and BNP Paribas.
December 23, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-352A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Play Ransomware group, identified through FBI investigations as recently as October 2023.
December 21, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-347A) which assesses that cyber actors from the Russian Foreign Intelligence Service (SVR) have been observed targeting servers hosting JetBrains TeamCity software by exploiting vulnerability CVE-2023-42793 on a large scale, since September 2023.
December 7, 2023
AttackIQ has released two new attack graphs and one new scenario in response to the recently published CISA Advisory (AA23-339A) that disseminates Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with the exploitation of CVE-2023-26360 at a Federal Civilian Executive Branch (FCEB) agency. These attack graphs are based on two separate incidents that compromised at least two public-facing servers at the FCEB agency between June and July 2023.
November 1, 2023
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-284A) that disseminates known Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with AvosLocker ransomware identified through FBI investigations as recently as May 2023. AvosLocker is known for conducting activities against organizations across multiple critical infrastructure sectors using legitimate software and open-source remote system administration tools.
October 9, 2023
AttackIQ has released three new attack graphs that aim to emulate the recent activities involving the commodity JavaScript-based downloader known as GootLoader.
September 20, 2023
AttackIQ has released two new attack graphs that seek to emulate the various activities carried out by the controversial Ransomware-as-a-Service (RaaS) known as Rhysida against multiple targets worldwide since its discovery in May 2023.
September 19, 2023
Programmatic cloud testing can be your true north.
April 14, 2023
AttackIQ has released a new attack graph that aims to emulate the activities linked to the recent supply chain attack against the software developed by the company 3CX. This new release aims to emulate the activities carried out during the initial stages of the system compromise and the hands-on-keyboard activity led by Lazarus Group.








