Distant Spider

Details

DISTANT SPIDER—active since at least February 2022—is an eCrime actor who has exploited vulnerable ManageEngine and KACE servers. The adversary consistently deploys the legitimate Remote Management and Monitoring (RMM) tool ConnectWise Control to maintain persistent access. Despite maintaining an opportunistic target scope, DISTANT SPIDER searches environments for automated checking (ACH)- and ban...

Objective

  • 5whBM72Cu8pcfUN

Motivation

  • fg2i8dwA

Contact our team about
IOCs for this adversary

?

During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach.

Unlock the adversary universe

Thank you for your request!

A member of our team will be in touch shortly.

CrowdStrike logo