A Deep Dive into the OceanLotus Adversary Emulation for macOS & Linux

<p>Last week we shared a new&nbsp;<a href="https://medium.com/mitre-engenuity/dropping-lotus-bombs-adversary-emulation-for-macos-linux-95b8d290a7b7" rel="noopener">OceanLotus adversary emulation plan</a>. In this deep dive, we&rsquo;ll touch on how and why we chose&nbsp;<a href="https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/oceanlotus-adversary-emulation-plan/" rel="noopener ugc nofollow" target="_blank">OceanLotus</a>&nbsp;and then share a detailed walk-through of the emulation plan.</p> <p>Open-source threat intelligence reporting shows that adversaries operate on macOS and Linux, yet cyber defenders lack tools and resources to emulate threats against those systems. Working in partnership with Center participants including&nbsp;<a href="https://www.attackiq.com/" rel="noopener ugc nofollow" target="_blank">AttackIQ, Inc.</a>,&nbsp;<a href="https://www.crowdstrike.com/" rel="noopener ugc nofollow" target="_blank">CrowdStrike, Inc.</a>,&nbsp;<a href="https://www.fujitsu.com/global/" rel="noopener ugc nofollow" target="_blank">Fujitsu</a>, and&nbsp;<a href="https://www.ibm.com/security" rel="noopener ugc nofollow" target="_blank">IBM Security</a>, we selected OceanLotus as a threat actor group to emulate, with the goal of raising awareness of threats to macOS and Linux systems. This emulation plan will begin to give visibility into a less documented operating system, and it&rsquo;s our first emulation plan for offensive operations that includes a documented range setup.</p> <p><a href="https://medium.com/mitre-engenuity/a-deep-dive-into-the-oceanlotus-adversary-emulation-for-macos-linux-26e521502866"><strong>Read More</strong></a></p>