LiveFIRE XC APT40 Training and Simulation

$1 000.00
The unique Cyber Security eXperiential Course for Individuals and Teams: Please choose dates and quantities.

CYBER RANGES provides world-class Cyber Security Training to well-known global organisations and regional government entities, and is a trusted partner to many companies who wish to ensure that their cyber security resilience is fully known and capable.

Now you have the chance to immerse yourself and/or your team in a life-like, real-world scenario based on the APT40 threat.

Why Attend:

Have you ever wanted to test your ability to respond to real-world threats in an ultra-realistic scenario?

LiveFIRE is the perfect platform for you and your team to engage with a next-gen cyber security range and test your ability to respond in real time to well-known threats.


Operations: 4/5 (CRITICAL) – Financial: 4/5 (CRITICAL) – Reputation: 4/5 (VERY HIGH)

The Background to our APT40 Threat Simulation:

In July 2021, threat intelligence (TI) providers picked up reports from the US Department of Justice (DOJ) regarding charges against four (4) individuals for conducting a global intrusion campaign between 2011 and 2018 targeting intellectual property and confidential business information across multiple industries, including infectious disease research. The main goal was to steal IP related to infectious diseases including Ebola, MERS, HIV/AIDS, Marburg, and Tularemia.

These intrusions have been attributed to APT40, also known as BRONZE MOHAWK, FEVERDREAM, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, Leviathan, Mudcarp, Periscope, Temp.Periscope and Temp.Jumper.

The campaign leveraged spear-phishing emails that contained links to look-alike domains, created to mimic or resemble the domains of legitimate companies. In some cases, the threat actors leveraged hijacked credentials to gain access to legitimate mail servers and then launch spear-phishing campaigns from within the victim entity or at other targeted entities.

Once the threat actors gained a foothold in the victim environment, they deployed malware such as BADFLICK, GreenCrash; PHOTO, a.k.a. Derusbi; and MURKYTOP.

Simulation Scenario – Tackling ransomware

Ransomware uses asymmetric encryption. This is cryptography that uses a pair of keys to encrypt and decrypt a file. The public-private pair of keys is uniquely generated by the attacker for the victim, with the private key to decrypt the files stored on the attacker’s server. The attacker makes the private key available to the victim only after the ransom is paid, though as seen in recent ransomware campaigns, that is not always the case. Without access to the private key, it is nearly impossible to decrypt the files that are being held for ransom.

Many variations of ransomware exist. Often ransomware (and other malware) is distributed using email spam campaigns or through targeted attacks. Malware needs an attack vector to establish its presence on an endpoint. After presence is established, malware stays on the system until its task is accomplished.

After a successful exploit, ransomware drops and executes a malicious binary on the infected system. This binary then searches and encrypts valuable files, such as Microsoft Word documents, images, databases, and so on. The ransomware may also exploit system and network vulnerabilities to spread to other systems and possibly across entire organizations.

Once files are encrypted, ransomware prompts the user for a ransom to be paid within 24 to 48 hours to decrypt the files, or they will be lost forever. If a data backup is unavailable or those backups were themselves encrypted, the victim is faced with paying the ransom to recover personal files.

Background To LiveFIRE from CYBER RANGES

Note: availability is strictly limited to a maximum of 50 attendees per dated regional event.

Please choose your region when booking, so that the event date and time zone suit you.

LiveFIRE XC is delivered by our top-class simulation training instructors on our best-of-breed next-generation IT/OT simulation platform CYBER RANGES.

The digital transformation of communities, nations, industries, and firms relies on a competent cyber security workforce in order to tackle cyberattacks, including cyber fraud, rogue-State threats, espionage, and hacktivism of all sorts.

Incident response teams and SOC analysts need to keep their knowledge, skills and abilities up to date with regard to the most relevant and current threats, in order to improve incident handling, teamwork, compliance, workflows, run-book usage, and other organizational capability.

LiveFIRE XC is a focused, 2-day, online, experiential, crash course that offers participants, already at intermediate/advanced level, the following opportunities:

- to have access to a simulated infrastructure containing a number of systems, processes and applications as likely to be found in a typical corporate environment;

- to experience the latest cyberattacks, which will be detonated through the CYBER RANGES Injector Engine, reproducing both the cyberattacks and the associated Indicators of Compromise (IoC);

- to be trained on how to detect, prepare for and respond to the simulated attacks;

- to receive an expert after-action review and debriefing about the sample solution;

- to be provided with an opportunity to further discuss with peers and experts about the response to similar security incidents.

This is a unique opportunity for you to experience and handle a wide range of cyberattacks, while equipping you with the ability to sharpen your competence in detecting, investigating, mitigating and recovering from cyber events.

Training and Simulation

Solving the skills shortage in a time of growing cyber threats is one of the top priorities for Chief Information Security Officers. Add to the challenge the fact that most positions require advanced skills and on-the-job experience, and it is obvious why more and more organizations are leaning on cyber ranges as a way to overcome the growing capability deficit and prepare for the threats of tomorrow.

Training Set Up


LiveFIRE XC gives participants expert advice on key concepts, tools, and best practices of cyber security defence. Knowledge is enhanced by hands-on practice to boost participants' experiential learning.

Scenario Running


LiveFIRE XC offers participants the experience of live cyber attacks from the latest threat intelligence. Cyber attacks are safely and dynamically detonated in CYBER RANGES.



As an organization’s digital infrastructure evolves, cyber security professionals need to work smart to maintain their competence and muscle memory. We at CYBER RANGES are here to help you.



CYBER RANGES provides a comprehensive set of granular metrics to validate participants' performance against NIST NICE and other criteria for the purposes of gaps analysis, technology validation, and overall cyber resilience.

The Course

LiveFIRE XC is delivered online over 2 (two) days via our next-gen CYBER RANGES platform:


09.00 to 16.30

Tools and Methodologies for Incident Response and Threat Hunting

The participants will be prepared for live attack simulations. The participants will be given access to a realistic corporate environment, which they have to defend.

- Introduction to the target environment

- Incident Response Process

- Threat Hunting Tools and Methodologies

- Cyber Threats and Threat Actors

- MITRE ATT&CK® Framework


09.00 to 16.30

LiveFIRE Attacks
The participants will experience a number of cyberattacks simulating different threat actors with different motivations and capabilities. Different attacks will be simulated addressing different stages of the MITRE ATT&CK framework.

- Phishing attacks and Business Email Compromise

- Ransomware attacks

- Drive-by malware

- Data exfiltration

- Insider Threats

On completion, all participants will receive a confidential individual performance report and a personal LiveFIRE XC Certificate of Completion.
