Tunnel Spider


TUNNEL SPIDER is a prolific Big Game Hunting adversary active since at least February 2022. Since that time, the adversary primarily used HIVE SPIDER’s Hive RaaS. After the Hive RaaS was disrupted by law enforcement in January 2023, TUNNEL SPIDER used BITWISE SPIDER’s LockBit RaaS, the Black Basta RaaS, and ROYAL SPIDER’s Royal RaaS, before adopting Cactus as their permanent ransomware payload. Ca...

Community Identifiers



  • ZQhKFmIuRw6Y2cB


  • AgGNRLSk

Contact our team about
IOCs for this adversary


During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach.