First detected in 2017, Wizard Spider has come a long way. The threat actor is known for its various malware variants, such as Conti, TrickBot, and Ryuk. A recent investigation by Prodaft revealed that the gang is one of the wealthiest, with assets exceeding hundreds of millions of dollars.

Diving into details

  • Wizard Spider is believed to be connected with the Lunar Spider and Grim Spider hacking gangs.
  • Reportedly Russia-based, the threat actor operates a complex set of sub-groups, immense numbers of compromised systems, and a highly distributed professional network.
  • Its model incorporates recruiting skilled people and building a financial framework to deposit, transfer, and launder money.
  • Since the group has been immensely profitable, it has poured its proceeds into illegal research and development.

Why this matters

Wizard Spider mainly aims to compromise enterprise networks and has a presence in almost every developed country, as well as in a few emerging economies. Its victims include supply chain vendors, enterprises, defense contractors, critical utility providers, and healthcare facilities. The group monetizes many aspects of its operations and is responsible for spam on millions of devices, targeted data breaches, and ransomware attacks.

Modus operandi

  • Attacks mainly start with phishing emails that deliver the SystemBC proxy and QBot. The group also conducts business email compromise (BEC) to infiltrate businesses.
  • After gaining initial access, Wizard Spider deploys Cobalt Strike to gain domain admin privileges.
  • Subsequently, Conti ransomware is dropped, hypervisor servers and machines are encrypted, and a ransom demand is made.
  • A locker control panel is used to manage victims.
  • The threat actor leverages VPNs and proxies to hide its tracks. In addition, Wizard Spider has invested in novel tools such as VoIP systems and hired employees to cold call victims and scare them into paying the ransom.

The bottom line

Wizard Spider has a wide reach and has been under the microscope of various cybersecurity teams. Being well-funded and highly connected makes Wizard Spider a massive threat to the cybersecurity space. Therefore, patch your software, implement anti-malware solutions, and exercise cyber hygiene to stay safe.

Cyware Publisher