New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration
On March 17, 2019, CrowdStrike® Intelligence observed the use of a new BokBot (developed and operated by LUNAR SPIDER) proxy module in…
On March 17, 2019, CrowdStrike® Intelligence observed the use of a new BokBot (developed and operated by LUNAR SPIDER) proxy module in…
CrowdStrike® Intelligence has recently observed PINCHY SPIDER affiliates deploying GandCrab ransomware in enterprise environments, using lateral movement techniques and tooling commonly associated…
1. How Threat Actors are Classified Our intelligence team is dedicated to tracking the activities of threat actor groups and advanced persistent…
CrowdStrike® Intelligence observed a new campaign from a LUNAR SPIDER affiliate to distribute WIZARD SPIDER's TrickBot malware on Feb. 7, 2019. However,…
The nation-state adversary group known as FANCY BEAR (also known as APT28 or Sofacy) has been operating since at least 2008 and represents…
This blog is from the CrowdStrike Intelligence Advanced Research Team Motivation What is worse than a failing system? A (silently) compromised, yet…
CrowdStrike® Intelligence™ has been researching reports of widespread DNS hijacking activity since information on the attacks became publicly available earlier this month.1 The…
WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a…
The Kelihos peer-to-peer botnet was one of the largest and longest-operating cybercrime infrastructures in existence. Its origins can be traced back to…
HELIX KITTEN is likely an Iranian-based adversary group, active since at least late 2015, targeting organizations in the aerospace, energy, financial, government,…