Wizard Spider follows the corporate model in their attack operations


The Russian-based Wizard Spider gang has been investigated by security researchers, who uncovered some of the threat group's internal attack infrastructure.

Based on these investigations, Wizard Spider is allegedly linked with two other hacking groups, Grip Spider and Lunar Spider. The gang runs its operation through a complex set of sub-groups and follows a sophisticated, professional work roadmap to build momentum while maintaining operational security.

Most advanced persistent threat (APT) groups run their infrastructure on business-style models to carry out more effective attack campaigns, whether purely profit-motivated or state-backed. This professional business model includes hiring top candidates for each job and establishing a financial structure for the group's illicit monetary transactions.


Wizard Spider has also adopted this business-style operating model, including reinvesting some of its income into the operation to fund more tools and software or to pay its members' salaries.


The recent report also revealed that Wizard Spider commands and controls business assets totalling hundreds of millions of dollars.

With such a massive budget to run its operation, the threat group can invest in advanced research and development, allowing it to upgrade its cybercrime campaigns. Moreover, Wizard Spider has been found fully capable of hiring specialist members, building a more sophisticated digital business system, and acquiring access to many complex exploits.

In almost every developed country, the threat group has established itself as a notorious actor that has left a significant and damaging presence. Sectors that Wizard Spider has hit include enterprise firms, hospitals, defence contractors, supply chain vendors, and utility providers.

The group mainly uses phishing attacks, Business Email Compromise (BEC) schemes, and ransomware deployment in its campaigns. Wizard Spider also uses virtual private networks (VPNs) and proxies to obscure its tracks.

Because of the many avenues through which the group can execute attacks, experts conclude that it is capable of acquiring massive profits, which it can use to strengthen its overall infrastructure.

Nevertheless, companies and organisations can protect themselves against such sophisticated threats by implementing proper security measures and learning more about safeguarding their environments from cybercriminals.
