CyCraft Technology Enters the Ring Again for the Third Round in MITRE Engenuity ATT&CK(R) Evaluations

CyCraft AIR Tested Against Latest Adversary Threat Emulations Including FIN7 and Carbanak

TAIPEI, April 20, 2021 /PRNewswire/ — CyCraft Technology, the fastest growing Cybersecurity firm in Asia, is proud to have participated in the third round of MITRE Engenuity ATT&CK Evaluations. This is CyCraft’s second time participating in the MITRE Engenuity ATT&CK Evaluations. CyCraft joined the second round of evaluations back in 2019, becoming the first cybersecurity vendor from Taiwan — and second from Asia — to participate.

CyCraft AIR Tested Against Latest Adversary Threat Emulations Including FIN7 and Carbanak
CyCraft AIR Tested Against Latest Adversary Threat Emulations Including FIN7 and Carbanak

MITRE, the ATT&CK framework, and Cybersecurity Vendor Evaluations

In 2018, the MITRE Corporation, a not-for-profit org that works in the public interest, launched the MITRE ATT&CK Evaluations, where MITRE evaluates the efficacy of cybersecurity products using an open methodology based on their own publicly available ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) Framework –a living, growing framework of common tactics, techniques, and procedures (TTP) used by advanced persistent threats (APTs) and other cybercriminals. Everything a hacker can do on a victim’s system can be uniquely represented in the ATT&CK Framework.

The ATT&CK Evaluations not only provide transparency and publicly available data to the true efficacy of cybersecurity products but also drives security vendors to enhance their defensive capabilities towards known adversarial behaviors. Each round of ATT&CK Evaluations has cybersecurity vendors pitting their solutions against MITRE team-created emulations of known APTs.

Previous Rounds: APT3 (China) and APT29 (Russia)

In the 2018 ATT&CK Evaluations (round one), 12 cybersecurity vendors tested their solutions against APT3—a China-based threat group that researchers have attributed to China’s Ministry of State Security.

In the 2019 ATT&CK Evaluations (round two), 21 cybersecurity vendors went up against an emulation of APT29 — a threat group that has been attributed to the Russian government, and, most recently, has been attributed to the 2020 SolarWinds hack that penetrated thousands of organizations including multiple agencies belonging to the United States federal government. CyCraft became the first cybersecurity vendor from Taiwan –and second from Asia — to participate in the MITRE ATT&CK Evaluations.

Round 3: Carbanak & FIN7

Results of the 2020 MITRE Engenuity ATT&CK Evaluations (round three)—now run by MITRE Engenuity, where 29 security vendors went up against emulations of the financially motivated threat groups, FIN7 and Carbanak, are expected to be released soon in 2021 Q2.

For round three, MITRE Engenuity used the MITRE ATT&CK knowledge base to emulate the techniques, tactics, and procedures (TTP) of FIN7 and Carbanak, both of which have compromised financial services and hospitality organizations through the use of sophisticated malware and TTP, resulting in the theft of more than 1 billion USD across hundreds of businesses over the last five years. Carbanak and FIN7 also target a wide range of industries for financial gain, whereas prior emulated groups — the nation-state supported APT3 and APT29 — were more focused on espionage.

CyCraft’s Round 3 Results

CyCraft performed well in last year’s ATT&CK Evaluation against APT29. CyCraft is proud to report that they have performed equally well this year against FIN7 and Carbanak with zero delayed detections and zero configuration changes. This year was also the first year MITRE Engenuity incorporated Linux-based attack techniques into their testing. CyCraft not only detected all the Linux-based attacks but did so with the highest quality detection possible — Technique detection.

"MITRE’s evaluations empower the security community to make more informed decisions through a transparent evaluation process, and we’re glad that CyCraft participated in this important test, along with multiple other vendors," said Frank Duff, MITRE ATT&CK Evaluations Lead.

Frank Duff, MITRE ATT&CK Evaluations Lead (Source:
Frank Duff, MITRE ATT&CK Evaluations Lead (Source:

"Using the MITRE ATT&CK framework as the benchmark and our publicly available results, users can explore how CyCraft AIR detected our emulated adversary behavior of Carbanak and FIN7. Working together, these evaluations can make cyberspace safer for everyone."

Everything Starts From Security

CyCraft has become the fastest growing Cybersecurity firm in Asia due to their results from the MITRE ATT&CK APT29 Evaluations and the efficacy of their digital forensics, threat detection and response platform, CyCraft AIR.

CyCraft AIR, designed by CyCraft Technology, specializes in malicious behavior detection and is capable of continuously monitoring and managing the cyber situation of even the largest-scale of enterprises with hundreds of thousands of endpoints. CyCraft AIR provides automated threat triage, auto-prioritized alerts, correlation analyses, auto-investigations, and enables rapid and thorough incident response.

CyCraft Leadership (right to left): Benson Wu, CEO; Jeremy Chiu, CTO; PK Tsung, CSO
CyCraft Leadership (right to left): Benson Wu, CEO; Jeremy Chiu, CTO; PK Tsung, CSO

"CyCraft strives for human-AI collaboration in cybersecurity. In two years, we developed and put into operation an innovative AI-powered SecOps platform–effectively orchestrating endpoint telemetry, MITRE ATT&CK context, global threat intelligence for optimized situation awareness, and efficiently managing millions of endpoints from government and enterprise customers in the Asia-Pacific region."
Benson Wu, CyCraft Founder & CEO

About MITRE Engenuity ATT&CK Evaluations

MITRE Engenuity ATT&CK Evaluations are paid for by vendors and are intended to help vendors and end-users better understand their products’ capabilities in relation to MITRE’s publicly accessible ATT&CK? framework. MITRE developed and maintains the ATT&CK knowledge base, which is based on real-world reporting of adversarial tactics and techniques. ATT&CK is freely available and is widely used by defenders in industry and government to find gaps in visibility, defensive tools, and processes as they evaluate and select options to improve their network defenses. MITRE Engenuity makes the methodology and resulting data publicly available so other organizations may benefit and conduct their own analysis and interpretation.

About MITRE Engenuity

MITRE Engenuity is a tech foundation that collaborates with the private sector on challenges that demand public interest solutions, including cybersecurity, infrastructure resilience, healthcare effectiveness, microelectronics, quantum sensing, and next-generation communications.

About CyCraft Technology

As of 2021, CyCraft secures the public and private sector globally with customers among several government agencies, the Fortune Global 500, top banks and financial institutions in Asia, critical infrastructure, airlines, telecommunications, hi-tech firms, and SMEs in several APAC countries and regions, including Taiwan, Singapore, Japan, Vietnam, and Thailand. We power SOCs with our proprietary and award-winning AI-driven MDR (managed detection and response), SOC (security operations center) operations software and services, CTI (cyber threat intelligence), Health Check (compromise assessment), automated forensics, and IR (incident response) services.

Meet your cyber defense needs in the 2020s by engaging with CyCraft at [email protected]

Engage with CyCraft
Blog | LinkedIn | Twitter | Facebook | CyCraft


Dr. Benson Wu
Founder & CEO, CyCraft Technology
[email protected]

Chad Duffy
CyCraft Global Product Manager
[email protected]

Related Links :


Vince is a tech geek, has a passion for sharing knowledge and loves to tinker with different gadgets. Whenever he gets a new gadget he just open the box and figure out how the gadget works without reading the manual.

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *