MITRE Engenuity is excited to open its Call for Participation for ATT&CK Evaluations Managed Services.
This third round of Managed Services evaluations, designed for managed security service providers (MSSP) and managed detection and response (MDR) competencies, will focus on cloud-based attacks, response and containment strategies, and post-incident analysis.
Active since at least 2006, menuPass (aka APT10) is believed to be sponsored by the Chinese Ministry of State Security (MSS). The group focuses on the exfiltration of sensitive data such as intellectual property and business intelligence in support of Chinese national security objectives. menuPass has targeted the aerospace, construction, engineering, government, and telecommunications sectors, primarily in the US, Europe, Japan, and other parts of Southeast Asia. This threat actor is known for orchestrating Operation Cloud Hopper, a global espionage campaign discovered in 2016 and 2017 that involved the sustained exploitation of MSPs. In December 2018, the US DOJ filed criminal charges against two menuPass members in connection with the group’s activities.
MSS-affiliated groups such as APT10 have demonstrated a pattern of exploiting targets across a much broader geographic scope than the groups sponsored by the People’s Liberation Army (PLA), and are believed to be more likely to target the United States and regions outside China’s direct sphere of influence. menuPass is known specifically for its use of living-off-the-land techniques, its custom malware, its fileless and anti-analysis tactics for defense evasion, and its exploitation of trusted third-party relationships for credential access. [1] [2] [3] [4] [5] [6] [7]
ALPHV BlackCat is a prolific ransomware-as-a-service (RaaS) operation that quickly gained notoriety after emerging in 2021. It offers affiliates a flexible ransomware strain written in Rust, enabling cross-platform targeting of Windows, Linux, and VMware systems. ALPHV BlackCat affiliates have targeted various industries including gaming and entertainment companies, manufacturing, construction, fashion, healthcare, government, engineering, retail, energy, transportation, telecommunication, education, and pharmaceuticals.
BlackCat has Windows and Linux (ESXi server) variants. While intrusions differ according to affiliate tradecraft, once deployed the ransomware impairs or disables system defenses and kills specific processes and services before employing its sophisticated encryption capabilities. [1] [2] [3] [4] [5] [6] [7]