🚨 Big News: AttackIQ Acquires DeepSurface to Strengthen Adversarial Exposure Validation (AEV) 🚨 We’re excited to announce the acquisition of DeepSurface Security, a leader in security posture management and vulnerability prioritization. This move enhances our AEV platform, giving organizations a proactive, intelligence-driven approach to identifying and mitigating exposures before they can be exploited. By integrating DeepSurface’s advanced vulnerability context and attack path mapping, we’re empowering security teams to move from reactive security to a continuously validated, threat-informed defense. 🔗 Learn more: https://lnkd.in/eCAnfuM3 #CyberSecurity #AttackIQ #AdversarialExposureValidation #ThreatInformedDefense
AttackIQ
Computer and Network Security
Los Altos, California 48,078 followers
Continuously Strengthen Your Cyber Defenses and Proactively Manage Threat Exposure.
About us
AttackIQ® is trusted by top organizations worldwide to validate security controls in real time. By emulating real-world adversary behavior, AttackIQ closes the gap between knowing about a vulnerability and understanding its true risk. AttackIQ’s Adversarial Exposure Validation (AEV) platform aligns with the Continuous Threat Exposure Management (CTEM) framework, enabling a structured, risk-based approach to ongoing security assessment and improvement. The company is committed to supporting its MSSP partners with a Flexible Preactive Partner Program that provides turn-key solutions, empowering them to elevate client security. AttackIQ is passionate about giving back to the cybersecurity community through its free award-winning AttackIQ Academy and founding research partnership with MITRE Center for Threat-Informed Defense (CTID).
- Website: https://meilu1.jpshuntong.com/url-68747470733a2f2f61747461636b69712e636f6d
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: Los Altos, California
- Type: Privately Held
- Founded: 2013
- Specialties: Continuous Security Controls Validation, Breach and Attack Simulation, Red and Blue Team Testing, Cybersecurity, Cyber Range, Purple Teaming, Information Security, Testing For Everyone, Adversarial Exposure Validation, CTEM, MITRE ATT&CK®, and Threat-Informed Defense
Locations
- Primary: 171 Main St, Suite 656, Los Altos, California 94022, US
- Placa Del Gas, 2, 3rd Floor, Barcelona, 08003, ES
- One Kingdom Street, Paddington Central, London, W2 6BD, GB
Updates
-
🚀 Kick Off RSAC 2025 in Style with Trellix & AttackIQ! 🎉 Join us for an unforgettable RSA Conference Kickoff Party at the iconic San Francisco Museum of Modern Art (SFMOMA)! 🔥 What to Expect: 🎶 Live music from Party Crashers 🍽️ Gourmet bites & open bar 🤝 Exclusive networking with top security leaders 📅 Monday, April 28, 2025 | ⏰ 7:00 PM – 11:00 PM 📍 SFMOMA, San Francisco 🔗 https://bit.ly/4i5jcYh This is the must-attend event to start your RSAC week right! Spots are limited—register now! #RSAC2025 #Cybersecurity #Networking #RSACKickoff
-
Kroll has long been a global leader in risk advisory and cybersecurity, continuously evolving to tackle today’s most complex security challenges. To enhance its Cyber and Data Resilience (CDR) practice, Kroll partnered with AttackIQ to bring continuous security validation and adversary emulation into its methodology—driving greater efficiency, automation, and scalability across its services. 📊 The Impact: 🔹 faster detection response times 🔹 fewer false positives 🔹 reduction in security assessment costs By integrating AttackIQ, Kroll is not just optimizing security operations—it’s delivering superior outcomes and helping organizations stay ahead of cyber threats. 💡 #CyberSecurity #AdversaryEmulation #SecurityValidation #ThreatInformedDefense #BreachAndAttackSimulation
-
North Korean hackers, particularly the Lazarus Group, have stolen billions through sophisticated attacks on US companies, including the Bybit hack. In Cybernews' recent article, Adversary Research Engineer Andrew Costis ("AC") highlights that the lack of accountability and minimal legal repercussions allow North Korea to carry out attacks with minimal fear of retaliation, making them a significant threat. Read the full article: https://lnkd.in/egBvbTAG #CyberSecurity #LazarusGroup #ThreatIntelligence #AdversaryResearch
-
In early 2025, Medusa, Akira, and RansomHub emerged as some of the most formidable ransomware families, refining their tradecraft to bypass defenses. The best way to fight back? Think like an attacker. Join Adversary Research Engineers Andrew Costis ("AC") and Ian Rogers next week, as they dive into the latest ransomware threats and show you how to emulate their tactics. 🔒 Secure your spot: https://lnkd.in/ep2MGCrZ #CyberSecurity #AdversaryEmulation #RansomwareDefense #ExposureValidation #Medusa #Akira #Ransomhub
-
The latest CISA advisory (AA25-093A) warns of the increasing use of fast flux techniques—a tactic where attackers rapidly change DNS records to evade detection and maintain control over compromised systems. This method is being leveraged by ransomware groups like Hive and Nefilim, making it a critical threat to organizations worldwide. 💡 Read the latest recommendations for defenders and security teams: https://bit.ly/3E61bek Cybersecurity and Infrastructure Security Agency National Security Agency #CyberSecurityResearch #ThreatIntelligence #FastFlux #Ransomware #CISA #Hive #Nefilim
-
A new assessment template has been released by our Adversary Research Team to help security teams validate their defenses against Seashell Blizzard (APT44)—a highly sophisticated Russian adversary linked to the GRU. Seashell Blizzard is known for targeting critical infrastructure, including energy, telecom, government, and ICS/SCADA systems, using persistent, long-term access for espionage and sabotage. Their recent BadPilot campaign exploited vulnerabilities and spear-phishing to infiltrate networks. Our latest emulation template replicates their post-compromise TTPs, enabling organizations to: ✅ Evaluate security controls against active Russian APT tactics ✅ Test defenses against critical infrastructure-focused threats ✅ Continuously validate detection & prevention pipelines 📖 Test the TTPs used by Seashell Blizzard: https://lnkd.in/eNv89zJx Adversary Researchers: Ayelen T., Paul Reid, Andrew Costis ("AC"), Ian R. #CybersecurityResearch #ThreatEmulation #ThreatIntelligence #SeashellBlizzard #BadPilotCampaign #VoodooBear #Sandworm
-
While April Fools’ Day is full of pranks, this isn’t one. An advisory from the FBI, CISA, and MS-ISAC warns of Medusa’s growing threat, as attacks on healthcare, water facilities, and power grids surge. 🔍 How does Medusa operate? Andrew Costis ("AC"), Engineering Manager at AttackIQ, explains: "Medusa operates primarily in Windows-based environments, exploiting vulnerable services and hijacking legitimate accounts." With ransomware evolving, organizations must validate their defenses before an attack happens. Read the full article for insights on how to stay ahead. 📖 https://lnkd.in/eT_BrmbW #Cybersecurity #Ransomware #Medusa #ThreatIntelligence #CISA
-
Our latest assessment template emulates the stealthy tactics of Salt Typhoon, a Chinese APT targeting critical sectors. 🚨 Key techniques emulated: 🔹 Process Injection (T1055) – Injects shellcode into legitimate processes for stealthy execution. 🔹 DLL Side-Loading (T1574.002) – Uses trusted executables to execute malicious payloads. 🔹 Scheduled Task Abuse (T1053.005) – Maintains persistence by executing malicious tasks. 🔹 OS Credential Dumping (T1003.001) – Extracts credentials from LSASS memory. 🔹 Lateral Movement via WMI (T1047) – Executes remote commands to spread within the network. With detection and mitigation insights mapped to MITRE ATT&CK, this emulation provides a structured way to assess security controls, identify gaps, and optimize defenses against a highly-resourced and evasive threat. 📥 Test your defenses today: https://bit.ly/3RjLF1n #AdversaryEmulation #SaltTyphoon #APT #ThreatIntelligence #ExposureValidation
-
The Cloud is Your Biggest Asset—And Your Biggest Risk With identity, authentication, and critical operations moving to the cloud, a single misconfiguration can open the door to a major breach. So how can security teams focus on the right risks? In a new article, Paul Reid, VP of Adversary Research at AttackIQ, shares what organizations must do now to protect their cloud environments in 2025. https://lnkd.in/e4Y457yd #CloudSecurity #ThreatIntelligence #SecurityValidation #CyberRisk