Uptime Hamster: 15d 5h 2mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza LUNAR SPIDER

LUNAR SPIDER

0 incidentes 0 paises 0 sectores apt RU Ultimo: -
Aliases: GOLD SWATHMORE, IcedID (BokBot), está relacionado con actividades de Financial Crime
Ver en IntelTracker → APTTrail →
LUNAR SPIDER is a financially motivated, Russian-speaking cybercriminal group that emerged in April 2017 with the development and deployment of the BokBot (also known as IcedID) banking malware. Initially focused on credential theft and wire fraud through their malware-as-a-service offerings, the group has since evolved its operational model to become a prominent initial access broker within the cybercrime ecosystem. They are distinguished by their continuous development and adaptation of new malware loaders, such as Latrodectus, following disruptions to their earlier infrastructure, demonstrating a highly dynamic and business-like approach to their criminal enterprises. LUNAR SPIDER, also identified as GOLD SWATHMORE, frequently collaborates with other significant e-crime groups, including WIZARD SPIDER and affiliates of ALPHV/BlackCat, by providing initial network access to facilitate subsequent ransomware deployments.

Aliases del actor

GOLD SWATHMOREIcedID (BokBot)está relacionado con actividades de Financial Crime

Actores similares

lunar-spideractor · 1Scattered Spideractor · 2Indrik Spideractor · 1doppel-spideractor · 1salty-spideractor · 1brain-spideractor · 1skeleton-spideractor · 1bamboo-spideractor · 1andromeda-spideractor · 1cobalt-spideractor · 1

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
DLS / leak siteunknownduckduckgo.comFrom a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion
Webunknownduckduckgo.comFrom a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion
Tecnicas MITRE
T1155 - AppleScript, T1003, T1190 - Exploit Public-Facing Application, T1548 - Abuse Elevation Control Mechanism, T1036 - Masquerading, T1071.001
CVEs relacionadas
CVE-2025-43400, CVE-2025-41244, CVE-2025-23121, CVE-2024-35966, CVE-2023-22527, CVE-2022-41123
Tipo
apt
Pais origen
RU
Motivacion
-
Impacto
53
Actualizado
Wed, 01 Ju

Sectores objetivo (SOCRadar)

FinanceInsuranceBankingInvestigation, Guard, and Armored Car Services