Cyber Threat Intelligence

Question 1

Which threat actor is known for rapid ransomware deployment (e.g., Ryuk, Conti) targeting healthcare?

Answer 1

FIN12 (motivation: financial gain via ransomware).

Question 2

Name the group that uses phishing campaigns with Dridex malware and Locky ransomware.

Answer 2

TA505 (motivation: data theft and financial fraud).

Question 3

Which extortion group uses MFA bypass and insider threats?

Answer 3

LAPSUS$ (motivation: data theft and extortion).

Question 4

Which threat actor uses social engineering and SIM swapping to compromise Okta?

Answer 4

Scattered Spider (affiliated with ALPHV/BlackCat).

Question 5

Name the APT group linked to Azure AD exploitation and supply chain attacks.

Answer 5

APT29 (Cozy Bear) (motivation: espionage).

Question 6

What ransomware hit Rite Aid in 2023, leading to data leaks?

Answer 6

BlackCat (ALPHV).

Question 7

Which healthcare breach exposed 2.3M records in 2023, likely linked to FIN12?

Answer 7

Shields Health Care Group breach.

Question 8

How did attackers move laterally in UK pharmacy chains in 2023?

Answer 8

Compromised MSPs + Cobalt Strike.

Question 9

What 2024 ransomware disrupted UnitedHealth’s pharmacy services?

Answer 9

BlackCat (ALPHV).

Question 10

Which technique exploits VPN vulnerabilities like CVE-2023-4966?

Answer 10

Initial Access via VPN Exploits (T1133).

Question 11

What is the MITRE ID for RDP brute-force attacks?

Answer 11

T1110 (common in retail IT environments).

Question 12

How do attackers escalate privileges using Windows Print Spooler?

Answer 12

Print Spooler Exploitation (T1550.002).

Question 13

Name a lateral movement technique using NTLM relay attacks.

Answer 13

Pass-the-Hash (T1550.002).

Question 14

What OWASP Top 10 risk involves injecting malicious SQL into patient portals?

Answer 14

SQL Injection (T1190).

Question 15

Which technique exploits weak authentication in pharmacy APIs?

Answer 15

API Abuse (T1552.003).

Question 16

What retail-specific attack involves Magecart-style payment skimming?

Answer 16

Payment Skimming (T1552.004).

Question 17

How do attackers manipulate POS systems for fraud?

Answer 17

Gift Card Fraud (T1499).

Question 18

What Azure attack involves forging authentication tokens?

Answer 18

Golden SAML (T1606.002).

Question 19

How do attackers bypass MFA in Entra ID?

Answer 19

Conditional Access Policy Bypass (T1556).

Question 20

Which technique abuses Azure service principals for persistence?

Answer 20

Service Principal Abuse (T1098).

Question 21

What’s a common exfiltration method for Azure Blob Storage data?

Answer 21

Blob Storage Exfiltration (T1530).

Question 22

Which tool is used for lateral movement in ransomware attacks?

Answer 22

Cobalt Strike.

Question 23

What tool simulates ransomware behaviors (e.g., mass file encryption)?

Answer 23

Atomic Red Team.

Question 24

Name a framework to emulate phishing + MFA fatigue attacks.

Answer 24

CALDERA (with phishing plugins).

Question 25

How would you simulate a FIN12 ransomware attack?

Answer 25

Deploy Atomic Red Team’s “mass file encryption” module + exfiltrate dummy data.

Question 26

How to test Entra ID’s resilience to MFA bypass?

Answer 26

Use AiTM (Adversary-in-the-Middle) phishing simulations.

Question 27

What’s a critical misconfiguration to exploit in Azure?

Answer 27

Overprivileged Global Admin roles (T1078.004).