Skeleton Spider

Threat Actor Profile, updated 2 months ago
Skeleton Spider is a financially motivated threat actor that has been observed targeting POS machines used by retailers in Europe and the U.S. This threat actor was first identified two years ago and goes by other names such as FIN6 or ITG08. It employs the Golden Chickens service to anchor its intrusions, which enables it to gain unauthorized access to POS systems and steal payment card data. According to security intelligence reports, Skeleton Spider's activities have been ongoing since its initial discovery and have continued to evolve over time. In addition to its involvement in POS system breaches, this threat actor has also been linked to other cybercrime activities such as ransomware attacks and data theft. Furthermore, cybersecurity researchers have uncovered personal information about the threat actor, including the identities of their family members. This information could potentially aid in the identification and apprehension of the perpetrator(s) behind Skeleton Spider's operations, although it is not clear whether any progress has been made in this regard.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID | Type | Votes | Profile Description
Golden Chickens | Unspecified | 1 | Golden Chickens, also known as More_eggs, is a sophisticated malware suite that was initially discovered in 2018. It is used by financially motivated cybercrime actors like the Cobalt Group and FIN6 to steal sensitive information such as intellectual property and geopolitical intelligence from compr
Associated Threat Actors
ID | Type | Votes | Profile Description
FIN6 | Unspecified | 1 | FIN6, also known as ITG08, Skeleton Spider, and MageCart, is a notorious threat actor that has been implicated in various cybercrime activities. The group gained notoriety for stealing credit cards through point-of-sale (POS) systems in retail and hospitality establishments, most notably in the Home
ITG08 | Unspecified | 1 | ITG08 is a notable threat actor in the cybersecurity landscape, known for its malicious activities and strategic partnerships with other threat actors. This group has been linked to a series of attacks through Tactics, Techniques, and Procedures (TTPs) consistent with their known modus operandi. Whi
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Skeleton Spider Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware