
TRAVELING SPIDER


CrowdStrike tracks the criminal developer of Nemty ransomware as TRAVELING SPIDER. The actor has been observed taking advantage of single-factor authentication to gain access to victim organizations through Citrix Gateway and sending extortion-related emails from the victim’s own Microsoft Office 365 instance.


Associated Families

There are currently no families associated with this actor.


References
2021-04-27 | CrowdStrike | Josh Dalman, Kamil Janton, Eben Kaplan
Ransomware Preparedness: A Call to Action
@online{dalman:20210427:ransomware:8242ac5, author = {Josh Dalman and Kamil Janton and Eben Kaplan}, title = {{Ransomware Preparedness: A Call to Action}}, date = {2021-04-27}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/ransomware-preparedness-a-call-to-action/}, language = {English}, urldate = {2021-05-31} }
Dharma, GlobeImposter, Maze, Phobos, CIRCUS SPIDER, TRAVELING SPIDER

2020-06-24 | CyberScoop | Shannon Vavra
Hackers are still running coronavirus-related campaigns, CrowdStrike warns
@online{vavra:20200624:hackers:1e6b8cf, author = {Shannon Vavra}, title = {{Hackers are still running coronavirus-related campaigns, CrowdStrike warns}}, date = {2020-06-24}, organization = {CyberScoop}, url = {https://www.cyberscoop.com/coronavirus-hacking-disinformation-ransomware-spearphishing/}, language = {English}, urldate = {2021-05-31} }
TRAVELING SPIDER

2020 | CrowdStrike | CrowdStrike
Cyber Front Lines Report
@techreport{crowdstrike:2020:cyber:de17ed0, author = {CrowdStrike}, title = {{Cyber Front Lines Report}}, date = {2020}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeServicesCyberFrontLines.pdf}, language = {English}, urldate = {2021-05-31} }
OUTLAW SPIDER, TRAVELING SPIDER

Credits: MISP Project