Distant Spider


DISTANT SPIDER—active since at least February 2022—is an eCrime actor who has exploited vulnerable ManageEngine and KACE servers. The adversary consistently deploys the legitimate Remote Management and Monitoring (RMM) tool ConnectWise Control to maintain persistent access. Despite maintaining an opportunistic target scope, DISTANT SPIDER searches environments for automated checking (ACH)- and ban...


  • 7eaybTxhMlc6gt1


  • BIWZ82Q9

Contact our team about
IOCs for this adversary


During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach.