Wicked Spider
| Actor Type | Criminal Group |
|---|---|
| Attributed to Nation | China |
| Directly Linked Intrusion Sets | Wicked Panda, APT41 |
| Associated Threat Actor | Chengdu 404 |
| Associated MITRE ATT&CK Group | APT41 (G0096) |

WICKED SPIDER is an intrusion set tracked by CrowdStrike.
The actor behind WICKED SPIDER operates with two distinct motivations: targeted intrusions (which CrowdStrike tracks under WICKED PANDA) and financially driven criminal activities (WICKED SPIDER).
Initially focused on gaming companies, WICKED SPIDER evolved to engage in operations that align with the interests of the Chinese government, particularly through the malware known as Winnti (tracked as WICKED PANDA).
The group utilizes open-source and custom tools for network infection and lateral movement, targeting sectors like engineering, manufacturing, technology, chemicals, and think tanks.
The group has also been observed using PlugX malware and exploiting vulnerabilities such as ETERNALBLUE.