Tunnel Spider

Details

TUNNEL SPIDER is a prolific Ransomware-as-a-Service (RaaS) affiliate active since at least February 2022. Since that time, the adversary primarily used HIVE SPIDER’s Hive RaaS. After the Hive RaaS was disrupted by law enforcement in January 2023, TUNNEL SPIDER has used BITWISE SPIDER’s LockBit RaaS, the Black Basta RaaS, ROYAL SPIDER’s Royal RaaS, and Cactus ransomware. Cactus was first identified...

Community Identifiers

RMpFPL6GWYcwf3b

Objective

  • TMUg5H8rJDZI2ad

Motivation

  • mxwKzIjZ

Contact our team about
IOCs for this adversary

?

During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach.