July 22, 2025
AttackIQ introduces Ransom Tales, an initiative designed to emulate the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the BlackLock, Embargo and Mamona ransomware families.
June 23, 2025
Amid rising tensions after Israeli and U.S. strikes on Iranian nuclear sites, experts warn of increased Iranian cyber retaliation. With limited conventional options, Iran is expected to rely on cyberattacks against U.S. infrastructure and defense sectors. DHS has issued alerts on threats from state-backed hackers and proxies. AttackIQ continues to help organizations test and strengthen their defenses.
June 16, 2025
In response to the recently published CISA Advisory (AA25-163A) which highlights ransomware actors exploiting unpatched SimpleHelp Remote Monitoring and Management (RMM) tool, AttackIQ has provided actionable recommendations to help organizations emulate such attacks. These recommendations enable organizations to emulate tactics and techniques, helping to assess and improve their defenses against similar adversarial behaviors.
June 12, 2025
AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-352A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Play Ransomware group, identified through FBI investigations as recently as May 2025.
June 3, 2025
AttackIQ Ready3 turns recommendations into action with a built-in CTEM workflow that maps attack surfaces, validates exposures, and tracks risk in real time. With MITRE ATT&CK-aligned tests, extended discovery, and automated checks, security teams can focus on fixing what truly matters.
May 29, 2025
AttackIQ has released a new assessment template that contains a curated list of Tools and Malware samples associated with Scattered Spider to help defenders improve their security posture against this sophisticated and persistent threat.
May 23, 2025
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by DragonForce ransomware since its emergence in August 2023. Initially based entirely on the leaked LockBit 3.0 (Black) builder, it evolved with the introduction of a customized variant derived from the Conti V3 codebase. DragonForce operators may potentially be behind the recent cyber attacks that involved Marks & Spencer, Co-Op, and Harrods.
May 22, 2025
AttackIQ has updated an existing assessment template in response to the CISA Advisory (AA25-141B) published on May 21, 2025, which disseminates Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IOCs), associated with threat actors deploying the LummaC2 information stealer malware, identified through FBI investigations as recent as May 2025.
May 21, 2025
AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-141A) published on May 21, 2025. The CSA highlights a cyber espionage-oriented campaign carried out by cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (Unit 26165), targeting Western logistics entities and technology companies.
May 15, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by VanHelsing ransomware, a new and rapidly growing ransomware-as-a-service (RaaS) affiliate program that emerged in March 2025. This emulation enables defenders to test and validate their detection and response capabilities against this new threat.
May 8, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Termite ransomware since its emergence in November 2024. Termite is widely believed to be based on Babuk Ransomware, a defunct strain whose source code was leaked in 2021. While Babuk’s influence remains evident, particularly in encryption routines and general behavior, Termite distinguishes itself by aggressively targeting environment-specific vulnerabilities.
April 24, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by Helldown ransomware since its emergence in August 2024. Helldown is operated by the eponymous and still largely undocumented adversary, which employs double extortion tactics by exfiltrating sensitive data prior to encrypting victim systems and threatening to leak the data on its Dedicated Leak Site (DLS)