G0102 Wizard Spider
Description
[Wizard Spider](https://attack.mitre.org/groups/G0102) is a Russia-based financially motivated threat group originally known for the creation and deployment of [TrickBot](https://attack.mitre.org/software/S0266) since at least 2016. [Wizard Spider](https://attack.mitre.org/groups/G0102) possesses a diverse arsenal of tools and has conducted ransomware campaigns against a variety of organizations, ranging from major corporations to hospitals.(Citation: CrowdStrike Ryuk January 2019)(Citation: DHS/CISA Ransomware Targeting Healthcare October 2020)(Citation: CrowdStrike Wizard Spider October 2020)
References
- https://attack.mitre.org/groups/G0102
- https://us-cert.cisa.gov/ncas/alerts/aa20-302a
- https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html
- https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/
- https://www.crowdstrike.com/blog/timelining-grim-spiders-big-game-hunting-tactics/
- https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html
- https://www.crowdstrike.com/blog/wizard-spider-adversary-update/
- https://www.secureworks.com/research/threat-profiles/gold-blackburn
- https://www.mandiant.com/sites/default/files/2021-10/fin12-group-profile.pdf
- https://securityintelligence.com/posts/trickbot-gang-doubles-down-enterprise-infection/
Software attributed to this · 2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Software | TrickBot (S0266) | 100% | live |
| Software | Diavol (S0659) | 100% | live |