Grim Spider

Threat Actor Profile Updated 24 days ago
Download STIX
Preview STIX
GRIM SPIDER is a malicious threat actor, along with INDRIK SPIDER and BOSS SPIDER, that has been continuously operating in the cybersecurity landscape. These entities are responsible for executing actions with harmful intent, which could range from data breaches to deploying ransomware. The cybersecurity industry identifies these actors with unique names due to a lack of standardized naming conventions. GRIM SPIDER, in particular, has been associated with the deployment of Ryuk, a type of ransomware that emerged in August 2017. This association has resulted in some intrusion operations involving Ryuk being referred to as GRIM SPIDER operations. A common pattern observed across incident response investigations is the use of TrickBot, a banking Trojan, preceding the distribution of Ryuk ransomware, suggesting a strategic approach by the threat actor to maximize damage and profit. The Ryuk ransomware has proven to be a lucrative venture for its operators, including GRIM SPIDER. Falcon Intelligence tracks GRIM SPIDER and has reported significant immediate profits from campaigns that target large organizations. Given the success of these operations, it is expected that criminal actors like GRIM SPIDER will continue their activities in the near term, posing an ongoing threat to cybersecurity.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Grim Spider Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
MITRE
a year ago
Credential Stealing Malware | Mandiant Research