Breaking

Researchers identify the details on Billion-Dollar Wizard Spider Cybercrime Gang

A new cyber criminal group called Wizard Spider has been exposed by security researchers, with details on its motive and organizational structure. The Wizard Spider is an hacking entity that targets European and US organizations with a unique hacking tool used to breach high value entities, said PRODAFT, a cybersecurity company based out of Switzerland.

Details on Wizard Spider Gang

This Wizard Spider aka Gold Blackburn is suspected to be from Russia and might be linked to the TrickBot Botnet, a modular malware which was discontinued this year and improvised with Bazarbackdoor.

The TrickBot operators have also been working with Conti-ransomware operators from Russia that sells RaaS for malicious operations. Gold Ultrick (aka Grim Spider) is the group that has been distributing the Conti ransomware is exploiting the access granted via TrickBot to deploy ransomware targeted networks.

“Gold Ulrick is comprised of some or all of the same operators as Gold Blackburn, the threat group responsible for the distribution of malware such as TrickBot, BazarLoader and Beur Loader,” Secureworks said in a profile of the cybercriminal syndicate.

The ideal attack chains begin with spam campaigns that distribute payloads such as Qakbot and SystemBC, using them as launchpads to drop further tools, including Cobalt Strike for lateral movement, before executing the locker software. Besides the above attack vector, Wizard Spifer is known to use exploitation toolkits that make use of recently disclosed vulnerabilities including Log4Shell to gain an initial foothold on the target networks.

The Wizard Spider group has also invested in a VoIP setup that can hire telephone operators to cold-call non-responsive victims in a bid to put extra pressure and force them to pay the ransom.

Last year, a similar act was reported by Microsoft about BazarLoader campaign dubbed BazaCall, when the campaign used phony call centers to lure unsuspecting victims into installing ransomware on their systems.

“The group has huge numbers of compromised devices at its command and employs a highly distributed professional workflow to maintain security and a high operational tempo,” the security researchers said.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter. You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.

Share the article with your friends
William Marshal

William has been one of the key contributors to 'The Cybersecurity Times' with 9.5 years of experience in the cybersecurity journalism. Apart from writing, he also like hiking, skating and coding.

Recent Posts

Best Microsoft Intune Alternatives: Top 5 MDMs to Consider

Explore the top 5 best Microsoft Intune alternatives, comparing key features, user reviews, and capabilities…

2 days ago

Top 7 Best Smartphones with Best Security Features in 2024

Discover the top 7 smartphones of 2024 with best security features, offering privacy, performance, and…

3 weeks ago

Top 11 Log Management Tools for Efficient System Management

Discover the top 11 log management tools for efficient system management and monitoring. Learn about…

2 months ago

Top 5 Threat Intelligence Tools For 2024

Explore the top 5 threat intelligence tools, their features, and how they enhance cybersecurity against…

2 months ago

Privileged Access Management: 5 Best PAM Solutions in the Market

Explore the top 5 best PAM Tools, market trends, and expert insights to secure the…

2 months ago

Apple Device Management: Top Solutions for iOS and macOS Management

Explore the top solutions for Apple Device Management including to iOS Device Management and macOS…

2 months ago