InQuest (www.inquest.net), a leading provider of emerging threat prevention services and solutions, announced today that they are making the proprietary Threat Intelligence that fuels their platforms available as a standalone offering to the public.
To highlight a recent and topical exemplar, the company points to the Joint Cybersecurity Advisory published on July 19th by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) outlining the tactics, techniques, and procedures (TTPs) as well as the indicators of compromise (IOCs) related to the nefarious activities of a Chinese Advanced Persistent Threat (APT) group known as “APT40” (aka BRONZE MOHAWK, FEVERDREAM, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, Leviathan, MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper).
Among the IOCs were 49 domain names known to facilitate the computer network exploitation (CNE) activities for the group. Of these 49 indicators, 12 were previously identified by InQuest researchers and published for the protection of their customers on the following dates, YEARS ahead of last week’s joint advisory:
When asked about the sourcing of Threat Intelligence (TI) and the value it brings to organizations, InQuest’s Director of Threat Intelligence, William MacArthur, commented, “We don’t reveal our methods and sources for intelligence gathering but, like our mantra on security efficacy, we believe in throwing everything and the kitchen sink at the problem.” MacArthur further commented that “Infrastructure tracking tradecraft is a requisite layer of augmentation for rapid response in today’s threat landscape. By tracking threat actors through multiple anchors on TTPs and IOCs (IPs, domains, SSL certs, etc.), we’re able to maintain knowledge of active campaigns even as they evolve day-to-day.”
InQuest CEO Michael Arcamone commented, “There’s no end-all, be-all provider when it comes to Threat Intelligence and there are various ways it can be leveraged to defend an Enterprise. That said, we’ve seen time and time again that our methods of collection, curation, and application are resulting in solid mitigations for our customers.”
InQuest Threat Intelligence (TI) is included with both InQuest SaaS email security and network appliance products. As of July 2021, InQuest TI is available via real-time API and Threat Intelligence Platform (TIP) integrations. Please contact info@inquest.net for further details.
*For operational security purposes, InQuest has only disclosed the approximate date (quarter) their customers received this intelligence.
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybsercurity, go to AI-Techpark.com.