LiveFIRE XC APT40 Training and Simulation

Choose event timezone and date (DD/MM) and quantity/seats (repeat as needed). Sessions run from 09.00am – 4.30pm local time.
Out of stock
Product Details

*** A 5% discount per seat will be applied at checkout for 5+ seat purchases for each date ***

LiveFIRE XC APT40 Training and Simulation

The unique Cyber Security eXperiential Course for Individuals/Teams

Note availability is strictly limited to a maximum of 50 attendees per dated regional event

Please choose your preferred event timezone and date to suit your requirements and then choose your quantity (seats) and repeat as required.

CYBER RANGES provides world-class Cyber Security Training to well known global organizations, regional government entities and is a trusted partner to many companies who wish to ensure their cyber security resilience is fully known and capable.

Now you have the chance to deep-dive yourself, and/or your team, into a life-like simulation scenario, based on the APT40 threat.

Download The LiveFIRE XC Brochure:

LiveFIRE XC Training And Simulation png

Why Attend

Have you ever wanted to test your ability to respond to real-world threats in an ultra realistic simulation setting?

LiveFIRE is the perfect platform to allow you and also teams to engage on the next-gen CYBER RANGES training and exercise platform to test your ability to respond in real-time to well known and novel threats.

Zoom Attendees LiveFIRE XC 2 png

Consequences of APT40

Operations: 4/5 (CRITICAL) – Financial: 4/5 (CRITICAL) – Reputation: 4/5 (VERY HIGH)

The Background to our APT40 Threat Simulation

In July 2021 threat intelligence (TI) providers picked up reports from the US Department of Justice (DOJ) regarding charges against four (4) individuals for conducting a global intrusion campaign between 2011 and 2018 targeting intellectual property and confidential business information, across multiple industries including infectious disease research. The main goal was to steal IP related to infectious diseases including Ebola, MERS, HIV/AIDS, Marburg, and Tularemia.

Those intrusions have been attributed to ATP40 also known as BRONZE MOHAWK, FEVERDREAM, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, Leviathan, Mudcarp, Periscope, Temp.Periscope and Temp.Jumper.

The campaign leveraged spear-phishing emails that contained links to look-alike domains, created to mimic or resemble the domains of legitimate companies. In some cases, the threat actors leveraged hijacked credentials, to gain access to legitimate mail servers and then launch spear-phishing campaigns from within the victim entity or at other targeted entities.

Once the threat actors gained a foothold in the victim environment, they deployed malware such as BADFLICK, GreenCrash; PHOTO, a.k.a. Derusbi; MURKYTOP.

Simulation Scenario – Tackling ransomware

Ransomware uses asymmetric encryption. This is cryptography that uses a pair of keys to encrypt and decrypt a file. The public-private pair of keys is uniquely generated by the attacker for the victim, with the private key to decrypt the files stored on the attacker’s server. The attacker makes the private key available to the victim only after the ransom is paid, though as seen in recent ransomware campaigns, that is not always the case. Without access to the private key, it is nearly impossible to decrypt the files that are being held for ransom.

Many variations of ransomware exist. Often ransomware (and other malware) is distributed using email spam campaigns or through targeted attacks. Malware needs an attack vector to establish its presence on an endpoint. After presence is established, malware stays on the system until its task is accomplished.

After a successful exploit, ransomware drops and executes a malicious binary on the infected system. This binary then searches and encrypts valuable files, such as Microsoft Word documents, images, databases, and so on. The ransomware may also exploit system and network vulnerabilities to spread to other systems and possibly across entire organizations.

Once files are encrypted, ransomware prompts the user for a ransom to be paid within 24 to 48 hours to decrypt the files, or they will be lost forever. If a data backup is unavailable or those backups were themselves encrypted, the victim is faced with paying the ransom to recover personal files.

Background To LiveFIRE XC from CYBER RANGES

LiveFIRE XC is delivered by our field-hardened simulation training instructors on our next-generation CYBER RANGES platform for IT/OT simulation.

The digital transformation of communities, nations, industries, and firms relies on a competent cyber security workforce that can tackle cyberattacks, including cyber fraud, rogue-State threats, espionage, hacktivism of all sorts.

Incident response teams and SOC analysts need to keep their knowledge, skills and abilities up to date with regard to the most relevant and current threats, in order to improve incident handling, teamwork, compliance, workflows, run-book usage, and other organizational capability.

LiveFIRE XC is a focused, 2-day, online, experiential, crash course that offers participants, already at intermediate/advanced level, the following opportunities:

  • to have access to a simulated infrastructure containing a number of systems, processes and applications as likely to be found in a typical corporate environment;
  • to experience the latest cyberattacks, which will be detonated through the CYBER RANGES Injector Engine, reproducing both the cyberattacks and the associated Indicators of Compromise (IoC);
  • to be trained on how to detect, prepare for and respond to the simulated attacks;
  • to receive an expert after-action review and debriefing about the sample solution;
  • to be provided with an opportunity to further discuss with peers and experts about the response to similar security incidents.

This is a unique opportunity for you to experience and handle a wide range of cyberattacks, and sharpen your competence in detecting, investigating, mitigating and recovering from cyber events.


Solving the skills shortage in a time of growing cyber threats is one of the top priorities for Chief Information Security Officers. Add to the challenge the fact that most positions require advanced skills and on-the-job experience, and it is obvious why more and more organizations are leaning on CYBER RANGES as the most effective way to overcome the growing capability deficit and prepare for the threats of today and tomorrow.

Training Set-Up

    • CREATE

LiveFIRE XC gives participants expert advice on key concepts, tools, and best practices of cyber security defence. Knowledge is enhanced by hands-on practice to boost participants’ experiential learning.

Scenario Running


LiveFIRE XC offers participants the experience of live cyber attacks from the latest threat intelligence. Cyber attacks are safely and dynamically detonated in CYBER RANGES.

APT40 Scenario jpg



As an organization’s digital infrastructure evolves, cyber security professionals need to work smart to maintain their competence and muscle memory. We at CYBER RANGES are here to help you.


    • ASSESS

CYBER RANGES provides a comprehensive set of granular metrics to validate participants’ performance against NIST/NICE and other criteria for the purposes of gap analysis, technology validation, and overall cyber resilience.


LiveFIRE XC APT40 is delivered online over 2 (two) days via our next-gen CYBER RANGES platform.

DAY 109.00am to 16.30pm

Tools and Methodologies for Incident Response and Threat Hunting

The participants will be prepared for live attack simulations. The participants will be given access to a realistic corporate environment, which they have to defend.

    • Introduction to the target environment
    • Incident Response Process
    • Threat Hunting Tools and Methodologies
    • Cyber Threats and Threat Actors
    • MITRE ATT&CK® Framework

DAY 2 – 09.00am to 16.30pm

LiveFIRE Attacks
The participants will experience a number of cyberattacks simulating different threat actors with different motivations and capabilities. Different attacks will be simulated addressing different stages of the MITRE ATT&CK framework.

    • Phishing attacks and Business Email Compromise
    • Ransomware attacks
    • Driveby malware
    • Data exfiltration
    • Insider Threats

On completion all the participants will receive a confidential individual performance report and a personal LiveFIRE XC Certificate of Achievement.

Save this product for later
Scroll to Top

Upcoming Webinar Events

Join CYBER RANGES and guests on live Webinars and Bootcamps

Sign up to learn skills and practise on the CYBER RANGES platform