August 11, 2021 01:41 PM Eastern Daylight Time
AUSTIN, Texas--(BUSINESS WIRE)--InQuest, a leading provider of emerging threat prevention services and solutions, announced today that they are making the proprietary Threat Intelligence that fuels their platforms available as a standalone offering to the public.
To highlight a recent and topical exemplar, the company points to the Joint Cybersecurity Advisory published on July 19th by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) outlining the tactics, techniques, and procedures (TTPs) as well as the indicators of compromise (IOCs) related to the nefarious activities of a Chinese Advanced Persistent Threat (APT) group known as "APT40" (aka BRONZE MOHAWK, FEVERDREAM, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, Leviathan, MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper).
Among the IOCs were 49 domain names known to facilitate the computer network exploitation (CNE) activities for the group. Of these 49 indicators, 12 were previously identified by InQuest researchers and published for the protection of their customers on the following dates, YEARS ahead of last week’s joint advisory:
| Domain/IOC | InQuest Customers Notified* | Domain Registration Date |
When asked about the sourcing of Threat Intelligence (TI) and the value it brings to organizations, InQuest's Director of Threat Intelligence, William MacArthur, commented, "We don't reveal our methods and sources for intelligence gathering but, like our mantra on security efficacy, we believe in throwing everything and the kitchen sink at the problem." MacArthur further commented that "Infrastructure tracking tradecraft is a requisite layer of augmentation for rapid response in today's threat landscape. By tracking threat actors through multiple anchors on TTPs and IOCs (IPs, domains, SSL certs, etc.), we're able to maintain knowledge of active campaigns even as they evolve day-to-day."
InQuest CEO Michael Arcamone commented, "There's no end-all, be-all provider when it comes to Threat Intelligence and there are various ways it can be leveraged to defend an Enterprise. That said, we've seen time and time again that our methods of collection, curation, and application are resulting in solid mitigations for our customers."
InQuest Threat Intelligence (TI) is included with both InQuest SaaS email security and network appliance products. As of July 2021, InQuest TI is available via real-time API and Threat Intelligence Platform (TIP) integrations. Please contact email@example.com for further details.
*For operational security purposes, InQuest has only disclosed the approximate date (quarter) their customers received this intelligence.
InQuest is a cybersecurity solutions and services company founded by a well-versed team hailing from both the public and private sectors. InQuest delivers two key technologies, Deep File Inspection (DFI™️) for real-time threat prevention and "RetroHunting™", a novel approach that leverages the power of hindsight to apply today's threat intelligence to yesterday's data. These technologies are commercially available as a SaaS email security integration for Google Workspace (GSuite) and Microsoft O365, as a high-throughput on-premises network appliance, or via API. InQuest excels at malware analysis on a global scale, applying fanatical research to protect your users from the myriad of attacks of today and the evolving threats of tomorrow.