Threat Actor Profile

Wandering Spider

Wandering Spider, active since at least April 2020, is a notorious Big Game Hunting (BGH) adversary. Known for their use of a variety of ransomware families, this group has been linked to sophisticated attacks targeting organizations of all sizes. Their notable tools include Black Basta, DoppelPaymer, and REvil, among others.

Country of Origin

Attribution to the Russian Federation is based on various intelligence assessments, including observed operational patterns, the linguistic characteristics of their communications, and the geographical focus of their early attacks.

Members

The size and identities of Wandering Spider's members remain unknown. The nature of their operations indicates a highly organized and possibly distributed group.

Leadership

Details regarding the specific leadership within Wandering Spider remain unclear. The structure of the group suggests collaboration with other ransomware affiliates or developers.

Wandering Spider TTPs

Wandering Spider employs advanced tactics, techniques, and procedures (TTPs) designed to maximize impact and revenue from their campaigns.

Tactics

  • Targeting businesses with high-value operations to demand large-scale ransoms (Big Game Hunting).

  • Gaining initial access through phishing campaigns aimed at exploiting user credentials.

Techniques

  • Delivering malware via email attachments or links that persuade victims to execute malicious payloads.

  • Leveraging known vulnerabilities in networks to escalate access and deploy ransomware.

Procedures

  • Using tools like Black Basta to encrypt systems and display ransom notes.

  • Disabling security measures to prevent detection and remediation.

Notable Cyberattacks

Operations involving the use of Black Basta ransomware since April 2022.

Historical deployment of ransomware like Egregor and Maze, notorious for their data exfiltration techniques.

Law Enforcement & Arrests

There are no confirmed arrests or law enforcement actions against Wandering Spider to date. Their operations suggest a highly adaptive and evasive adversarial network.

How to Defend Against Wandering Spider

1. Enhanced email security to filter and block phishing attempts.

2. Regular patch management to address vulnerabilities before they're exploited.

3. Network segmentation to limit lateral movement during an attack.

4. Using a 24/7 managed detection platform, like the Huntress Managed Security Platform, to identify and respond to threats before they escalate.

Huntress solutions provide tailored tools to monitor and mitigate threats, enhance endpoint security, and reduce the likelihood of ransomware infiltrating your environment.
