A new cyber criminal group called Wizard Spider has been exposed by security researchers, with details on its motive and organizational structure. The Wizard Spider is an hacking entity that targets European and US organizations with a unique hacking tool used to breach high value entities, said PRODAFT, a cybersecurity company based out of Switzerland.
This Wizard Spider aka Gold Blackburn is suspected to be from Russia and might be linked to the TrickBot Botnet, a modular malware which was discontinued this year and improvised with Bazarbackdoor.
The TrickBot operators have also been working with Conti-ransomware operators from Russia that sells RaaS for malicious operations. Gold Ultrick (aka Grim Spider) is the group that has been distributing the Conti ransomware is exploiting the access granted via TrickBot to deploy ransomware targeted networks.
“Gold Ulrick is comprised of some or all of the same operators as Gold Blackburn, the threat group responsible for the distribution of malware such as TrickBot, BazarLoader and Beur Loader,” Secureworks said in a profile of the cybercriminal syndicate.
The ideal attack chains begin with spam campaigns that distribute payloads such as Qakbot and SystemBC, using them as launchpads to drop further tools, including Cobalt Strike for lateral movement, before executing the locker software. Besides the above attack vector, Wizard Spifer is known to use exploitation toolkits that make use of recently disclosed vulnerabilities including Log4Shell to gain an initial foothold on the target networks.
The Wizard Spider group has also invested in a VoIP setup that can hire telephone operators to cold-call non-responsive victims in a bid to put extra pressure and force them to pay the ransom.
Last year, a similar act was reported by Microsoft about BazarLoader campaign dubbed BazaCall, when the campaign used phony call centers to lure unsuspecting victims into installing ransomware on their systems.
“The group has huge numbers of compromised devices at its command and employs a highly distributed professional workflow to maintain security and a high operational tempo,” the security researchers said.
Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter. You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.
Explore the top 5 best Microsoft Intune alternatives, comparing key features, user reviews, and capabilities…
Discover the top 7 smartphones of 2024 with best security features, offering privacy, performance, and…
Discover the top 11 log management tools for efficient system management and monitoring. Learn about…
Explore the top 5 threat intelligence tools, their features, and how they enhance cybersecurity against…
Explore the top 5 best PAM Tools, market trends, and expert insights to secure the…
Explore the top solutions for Apple Device Management including to iOS Device Management and macOS…