Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
2022-05-19 08:49

The inner workings of a cybercriminal group known as Wizard Spider have been exposed, shedding light on its organizational structure and motivations.

The TrickBot operators have also extensively cooperated with Conti, another Russia-linked cybercrime group notorious for offering ransomware-as-a-service packages to its affiliates.

Gold Ulrick, as the group responsible for the distribution of the Conti ransomware is called, has historically leveraged initial access provided by TrickBot to deploy the ransomware against targeted networks.

"Gold Ulrick is comprised of some or all of the same operators as Gold Blackburn, the threat group responsible for the distribution of malware such as TrickBot, BazarLoader and Beur Loader," cybersecurity firm Secureworks notes in a profile of the cybercriminal syndicate.

In addition to leveraging a wealth of utilities for credential theft and reconnaissance, Wizard Spider is known to use an exploitation toolkit that makes use of recently disclosed vulnerabilities such as Log4Shell to gain an initial foothold in victim networks.

"The group has huge numbers of compromised devices at its command and employs a highly distributed professional workflow to maintain security and a high operational tempo," the researchers said.


News URL

https://thehackernews.com/2022/05/researchers-expose-inner-working-of.html