Wizard Spider
High Confidence • Critical Threat
Aliases: TrickBot Gang • UNC1878 • GOLD BLACKBURN • Grim Spider • DEV-0193
Wizard Spider is a sophisticated and financially motivated cybercrime group operating out of Russia. The group is known for its development and operation of the TrickBot banking trojan, which evolved into a delivery vehicle for other malware, most notably the Ryuk and Conti ransomware strains. Wizard Spider has been active since at least 2016 and is considered one of the most significant and prolific ransomware operators. Their operations are characterized by a high degree of professionalism and a clear organizational structure, enabling them to conduct large-scale and highly profitable attacks. The group's tactics have evolved over time, shifting from banking fraud to big-game hunting, where they target large enterprises and public institutions for multi-million dollar ransom payments. Wizard Spider is also known for its continuous development of new tools and techniques to evade detection and maximize the impact of their attacks. Their association with other prominent malware families like Emotet has further enhanced their capabilities, allowing for a multi-stage infection process that is difficult to defend against. The impact of Wizard Spider's activities has been substantial, causing significant financial losses and operational disruptions to a wide range of sectors globally. The group's decision to leak internal communications and data after initially supporting the ...
Target Sectors
Target Regions
Attributed to Cybercriminal (No State Sponsor) (Russia). Attribution confidence: High.
Future Outlook
Wizard Spider is expected to continue operations targeting Healthcare sectors.
First observed activity of Wizard Spider
Continued active operations