Suspected Russian hacking group Wizard Spider has been operating with a significant arsenal of compromised devices and a complicated but highly distributed workflow, according to ZDNet.
Wizard Spider has amassed hundreds of millions of dollars' worth of assets throughout its operation, according to a report from PRODAFT, which added that the hacking group has a substantial presence not only in nearly all developed countries but also in numerous emerging economies.
Wizard Spider has been found to commonly leverage QBot and SystemBC proxy in spam and phishing attacks against healthcare providers, enterprise companies, defense contractors, critical utility vendors, and supply chain providers.
The report also noted that Cobalt Strike has been used by Wizard Spider to facilitate Conti ransomware deployment, with virtual private networks and proxies leveraged to conceal activity.
"The Wizard Spider team has shown itself capable of monetizing multiple aspects of its operations. It is responsible for an enormous quantity of spam on hundreds of millions of devices, as well as concentrated data breaches and ransomware attacks on high-value targets," said researchers.