MITRE Engenuity ATT&CK® Evaluations: Enterprise — Turla Welcomes 31 Participants

Ashwin Radhakrishnan
Published in MITRE-Engenuity
Oct 14, 2022

We’re pleased to introduce the newest cohort for ATT&CK® Evaluations: Enterprise! This is the fifth iteration of our flagship Evaluation and the Emulation Plan will focus on Turla. As introduced previously, Turla has been active since at least the early 2000s. Turla is a sophisticated Russian-based threat group that has infected victims in over 45 countries. [1] The group is known to target government agencies, diplomatic missions, military groups, research, and media organizations. [2][3] Turla adopts novel and sophisticated techniques to maintain operational security, including the use of a distinctive command-and-control network in concert with their repertoire of open source and in-house tools. [4] [5]

Thank you to each of the following vendors for participating in the evaluation — AhnLab, Bitdefender, BlackBerry, Broadcom, Check Point, Cisco, CrowdStrike, Cybereason, Cynet, Deep Instinct, Elastic, ESET, Fortinet, HarfangLab, Malwarebytes, Microsoft, Palo Alto Networks, Qualys, Rapid7, ReaQta (IBM), Secureworks, SentinelOne, SOMMA, Sophos, Tehtris, Trellix, Trend Micro, Uptycs, VMware, WatchGuard, and WithSecure.

This is our largest ATT&CK® Evaluations cohort to date. Three new vendors have entered the fold, with 25 vendors participating in both the Detections and Protections portions of our Evaluation and 6 vendors joining as Detection-only participants. For reference, the Protections component of the Evaluation is entirely optional. If you are leveraging Evaluations to determine the fit of specific products to your security infrastructure, it’s important to understand that these portions of the Evaluation happen separately and should therefore be analyzed separately as well.

For newcomers to ATT&CK® Evaluations, our Methodology Overview is a great place to start learning more about the intent of this joint research project. The results for this round will be published in the third quarter of 2023, and we urge you to read through our previous content to interpret results from the previous round, where we emulated Wizard Spider and Sandworm.

In advance of the Evaluation itself, we have updated the Evaluation Overview Page, which now includes information regarding:

As shared previously, we have also officially established a Community Advisory Board and Vendor Council. Over the course of 2 days at Black Hat/DEF CON, we held 2 sessions with each group to learn from our stakeholders. We intend to use that feedback to inform our innovations as we plan our roadmap for 2023 and will continue to have sessions to gather further insight. We are currently evaluating what we heard and will publish content regarding our learnings soon. We appreciate the engagement and are looking forward to sharing some exciting updates.

The MITRE Engenuity team is excited to begin this Evaluation and eager for the opportunity to engage with the community once again!

© 2022 MITRE Engenuity LLC. Approved for Public Release. Document number AT0034
