Tunnel Spider

Details

TUNNEL SPIDER is a prolific Ransomware-as-a-Service (RaaS) affiliate active since at least February 2022. Since that time, the adversary primarily used HIVE SPIDER’s Hive RaaS. After the Hive RaaS was disrupted by law enforcement in January 2023, TUNNEL SPIDER has used BITWISE SPIDER’s LockBit RaaS, the Black Basta RaaS, ROYAL SPIDER’s Royal RaaS, and Cactus ransomware. Cactus was first identified...

Objective

  • 1EiDTBKGfMg6ju7

Motivation

  • kocBsOfr

Contact our team about
IOCs for this adversary

?

During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach.