Announcement of SOMMA for MITRE Engenuity ATT&CK® Enterprise Evaluations result
2022, Apr 05  
(주) 쏘마 기술 블로그

MITRE Engenuity ATT&CK® Enterprise Evaluations

ATT&CK Evaluations Emulate Wizard Spider and Sandworm Threat Groups

Seongnam-si, Gyeonggi-do Korea April 1, 2022 – SOMMA, Inc., announced the results of its completed MITRE Engenuity ATT&CK® Evaluation for Monster. This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the Wizard Spider and Sandworm threat groups, highlighting results across 30 vendors.

Mr. Yong-Hwan Roh, CEO and Founder, SOMMA, Inc. said, “This is the first time that SOMMA has participated in the MITRE ATT&CK Evaluations. It is a very significant milestone for us. This evaluation is very beneficial as it objectively assesses the strength and weaknesses of our techniques and capabilities. We’re pleased that our attack simulation is well reflected in this MITRE Engenuity Evaluation. Overall, this was a great experience for us to collaborate with the excellent professionals during this evaluation process.” Also, he comments, “SOMMA considers the secure visibility, threat behavior detection with data analysis and its root cause tracking as the most valuable in cyber breach circumstances. MITRE ATT&CK Evaluations are quite effective to evaluate and prove our value, and we are proud of this big achievement to effectively counteract advanced cyber threats.”

MITRE ATT&CK Evaluations prioritize threats that offer unique impact to businesses and governments worldwide. Through the lens of the ATT&CK knowledge base, Evals focused on two threat actors, Wizard Spider and Sandworm. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organizations, ranging from major corporations to hospitals. Sandworm is a destructive Russian threat group that is known for carrying out notable attacks such as the 2015 and 2016 targeting of Ukrainian electrical companies and 2017’s NotPetya attacks. These two threat actors were chosen based on their complexity, relevancy to the market, and how well MITRE Engenuity’s staff can fittingly emulate the adversary.

“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis in threat informed defense capabilities, which in turn has developed the infosec community’s emphasis on prioritizing the ATT&CK Framework,” said Ashwin Radhakrishnan, acting General Manager of ATT&CK Evaluations at MITRE Engenuity.

The Evals team chose to emulate two threat groups that abuse the Data Encrypted For Impact (T1486) technique. In Wizard Spider’s case, they have leveraged data encryption for ransomware, including the widely known Ryuk malware (S0446). Sandworm, on the other hand, leveraged encryption for the destruction of data, perhaps most notably with their NotPetya malware (S0368) that disguised itself as ransomware. While the common thread to this year’s evaluations is “Data Encrypted for Impact,” both groups have substantial reporting on a broad range of post-exploitation tradecraft.

For full results and more information about the evaluations, please visit: https://attackevals.mitre-engenuity.org/enterprise/wizard-spider-and-sandworm.


About MITRE Engenuity

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.


MONSTER is a cloud-based threat hunting platform and service in SOMMA which is provided an autonomous process to gain endpoint visibility, threat detection and root-cause tracking and response against advanced cyber breaches.