Attack simulations are not uncommon, it has been there since long time, the most seen in Military forces of-course. Attack simulations helps us in two ways, one two understand where we stand when an attack occurs and what strategies could be applied to best defend against, the second to understand the attacker and his strengths and strategise on taking him down. While the latter is a thing of large organisations and anti malware companies, the former is a must for all organisations whose business depends on IT Infrastructure.
An attack simulation is preferred to be done when the organisation is / has gone through a network / system / application overhaul. This will make sure the changes inside the organisation does not effect the overall security.
An attack simulation covers external, internal and insider threats in an organisation.
The exercise gives the opportunity for blue team to identify critical points and note the affected systems and side effects for each attack, thus the blue team will also be prepared to identify and respond the such threats without losing much time.