Yverdon-les-Bains, Switzerland – 18 May, 2022 – Cybersecurity analyst firm PRODAFT has released a new report on the inner workings of the Wizard Spider cybercrime group, exposing its capabilities and its command structure, which includes a complex set of sub-teams and groups. The report provides unprecedented visibility into the structure, background and motivations of Wizard Spider. This information will be of use to CISOs and security leads in understanding the threats posed by Wizard Spider and similar outfits.
The volume of threats against business data might seem so vast and random that it is easy to imagine large numbers of individual threat actors launching their automated attacks. In reality, a small number of highly professional groups are responsible for much of the spam and many of the devices launching DDoS attacks, and these same groups invest time and money in breaching high-value systems to launch crippling ransomware attacks.
One group at the head of this crime wave is Wizard Spider, an organization likely originating in Russia but with global ambitions. The report (https://www.prodaft.com/resource/detail/ws-wizard-spider-group-depth-analysis) covers everything related to the criminal organization in detail. A private version is available for law enforcement and other agencies.
Technical and statistical analysis
PRODAFT’s research aims to expose some of the actors within Wizard Spider and its affiliates, and the methods they use to create digital havoc around the world. The research revealed the secrets of many enterprise victims, the different types of binaries in use by Wizard Spider, and the group’s financial and operational methods.
One notable variation on the typical web-based attacks is Wizard Spider’s VoIP cold-calling operation, used to phone victims and scare them into paying up. The team also makes extensive use of VPNs and proxies to keep its work secret, but PRODAFT has made extensive efforts to de-anonymize its members.
Most of Wizard Spider’s efforts go into hacking European and US businesses, with a special cracking tool used by some of its attackers to breach high-value targets. Some of the money the group earns is put back into the operation to develop new tools and talent.
The group has huge numbers of compromised devices at its command and employs a highly distributed professional workflow to maintain security and a high operational tempo. Conservative estimates indicate that Wizard Spider commands hundreds of millions of dollars in assets.