Doppel Spider
Doppel Spider, also known as GOLD HERON, is a Russian-based cybercriminal group active since at least April 2019. They are infamous for operating ransomware families like DoppelPaymer and DoppelDridex, targeting organizations globally with sophisticated tactics.
Country of Origin: Russia
Doppel Spider TTPs
Tactics
Doppel Spider primarily focuses on financial gain through ransomware attacks, targeting high-value organizations.
Techniques
They employ phishing campaigns, malware distribution, and network reconnaissance to infiltrate and exploit systems.
Procedures
Their methods include deploying ransomware like DoppelPaymer and DoppelDridex, leveraging stolen credentials, and conducting data exfiltration.
Indicators of Compromise (IoCs)
Known IoCs include IP addresses, domains, and malware signatures associated with DoppelPaymer and DoppelDridex. These indicators are critical for identifying intrusions by this group and mitigating them early.
Key Victims
Doppel Spider has targeted various industries, including healthcare, government, and critical infrastructure, with ransom demands reaching up to 250 BTC.
Notable Cyberattacks
One of their most significant operations involved a ransomware attack demanding 250 BTC, showcasing their ability to conduct high-stakes cybercrime.
Law Enforcement & Arrests
Law enforcement agencies, including Europol, have targeted Doppel Spider members, disrupting some of their operations.
How to Defend Against Doppel Spider
Implement robust email filtering to block phishing attempts.
Regularly update and patch systems.
Huntress solutions help protect organizations by monitoring endpoints, detecting intrusions, and mitigating Doppel Spider threats with enterprise-grade technology.