TRAVELING SPIDER  (Back to overview)

Crowdstrike Tracks the criminal developer of Nemty ransomware as TRAVELING SPIDER. The actor has been observed to take advantage of single-factor authentication to gain access to victim organizations through Citrix Gateway and send extortion-related emails using the victim’s own Microsoft Office 365 instance.

---

Associated Families

There are currently no families associated with this actor.

---

References

2021-04-27 ⋅ CrowdStrike ⋅ Josh Dalman, Kamil Janton, Eben Kaplan @online{dalman:20210427:ransomware:8242ac5, author = {Josh Dalman and Kamil Janton and Eben Kaplan}, title = {{Ransomware Preparedness: A Call to Action}}, date = {2021-04-27}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/ransomware-preparedness-a-call-to-action/}, language = {English}, urldate = {2021-05-31} } Ransomware Preparedness: A Call to Action Dharma GlobeImposter Maze Phobos CIRCUS SPIDER TRAVELING SPIDER

2020-06-24 ⋅ CyberScoop ⋅ Shannon Vavra @online{vavra:20200624:hackers:1e6b8cf, author = {Shannon Vavra}, title = {{Hackers are still running coronavirus-related campaigns, CrowdStrike warns}}, date = {2020-06-24}, organization = {CyberScoop}, url = {https://www.cyberscoop.com/coronavirus-hacking-disinformation-ransomware-spearphishing/}, language = {English}, urldate = {2021-05-31} } Hackers are still running coronavirus-related campaigns, CrowdStrike warns TRAVELING SPIDER

2020 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:2020:cyber:de17ed0, author = {CrowdStrike}, title = {{Cyber Front Lines Report}}, date = {2020}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeServicesCyberFrontLines.pdf}, language = {English}, urldate = {2021-05-31} } Cyber Front Lines Report OUTLAW SPIDER TRAVELING SPIDER

---

Credits: MISP Project