Last week we shared a new OceanLotus adversary emulation plan. In this deep dive, we’ll touch on how and why we chose OceanLotus, and then we will share a detailed walk-through of the emulation plan.
Open-source threat intelligence reporting shows that adversaries operate on macOS and Linux, yet cyber defenders lack tools and resources to emulate threats against those systems. Working in partnership with Center participants including AttackIQ, Inc., CrowdStrike, Inc., Fujitsu, and IBM Security, we selected OceanLotus as a threat actor group to emulate, with the goal of raising awareness of threats to macOS and Linux systems. This emulation plan will begin to give visibility into a less documented operating system, and it’s our first emulation plan for offensive operations that includes a documented range setup.