Sprite Spider is not a new hacker group. However, it is making headlines once again. Why? Let us find out.

The scoop

Two CrowdStrike researchers disclosed details about Sprite Spider at the recent SANS Cyber Threat Intelligence Summit. The threat actor started in 2015 with a banking trojan and has now reached great heights of sophistication and capabilities. The researchers connected the dots between Shifu, Wyatt, and Pixi to the DEFRAY777 ransomware attacks and found that all these activities were connected to a single group.

Evading detection

  • Evading detection is particularly easy because the malicious code is hidden inside obfuscated open-source projects.
  • The group writes only ‘Vatet’ to disk, which makes it incredibly challenging for researchers to find the rest of its tooling during an attack.
  • It targets ESXi hosts, meaning the group needs to deploy ransomware on only a few servers rather than across the entire network.

Other emerging threats

  • Trickbot recently introduced a new module, masrv, to scan local network systems with open ports for quick lateral movement.
  • Android got its own malware named Oscorp that abuses accessibility services in Android devices to steal user credentials and media content.
  • Babuk Locker is turning into a menace and has claimed Serco as its latest victim. It has also followed in the footsteps of other ransomware families and is leveraging double extortion.

The bottom line

2020 was a great year for ransomware gangs, as they had plenty of time to upgrade their tactics, techniques, and procedures. Sprite Spider is one such group that is slowly rising to infamy, and because its threat profile is on par with that of APT groups, it is anticipated to be the next big ransomware family.

Cyware Publisher