TRAVELING SPIDER

MISP

Type:
Unknown

Country:
Unknown

First seen:
Unknown

Details:

Crowdstrike Tracks the criminal developer of Nemty ransomware as TRAVELING SPIDER. The actor has been observed to take advantage of single-factor authentication to gain access to victim organizations through Citrix Gateway and send extortion-related emails using the victim’s own Microsoft Office 365 instance.

References (3)

cyberscoop.com - Coronavirus Hacking Disinformation Ransomware Spearphishing
crowdstrike.com - Ransomware Preparedness A Call To Action
go.crowdstrike.com - Report2020CrowdStrikeServicesCyberFrontLines.pdf

Metadata

ID:	308
Created:	13/01/2026 17:48
Updated:	11/03/2026 04:00