Adversary

Twisted Spider

ORIGIN

Eastern Europe, Russian Federation

Community Identifiers

Maze Team

Twisted Spider is the criminal group behind the development and operation of Maze ransomware.

The ransomware was first observed in May 2019, but the group gained notoriety in November 2019, when it began using Big Game Hunting (BGH) tactics to target organizations and businesses, for its brazen attitude toward victims and its willingness to speak with security researchers. While other actors have previously threatened to release data if a ransom was not paid, Twisted Spider has made this act their anthem and created a dedicated leak site (DLS) for victims who are unresponsive to the group or refuse to pay ransoms.

Maze ransomware has been observed being distributed via exploit kits (EK) and spam campaigns, and through acquired RDP credentials used for access. The group is capable of moving laterally and exfiltrating data for extortion. It is likely that Twisted Spider targets victims opportunistically and does not focus on specific sectors. While Maze ransomware could be operated as a ransomware-as-a-service (RaaS), it is more likely that Maze is being operated by a single group, based on their interaction with the media and leakage of data at a central location.

On 1 November 2020, Twisted Spider published a press release indicating they were shutting down all operations related to Maze ransomware. It is possible that Twisted Spider, or a subsection of the criminal group, is responsible for the operation of both Egregor and Maze ransomware.

Technical Tradecraft

  • Gaining initial access via exploit kits, email delivery, or RDP access via open ports
  • Use of ChaCha and RSA-2048 encryption algorithms to encrypt file contents
  • Sends information about the victim system to a set of IP addresses, encrypted using ChaCha with a hard-coded key and a randomized nonce
  • Drops a ransom note named DECRYPT-FILES.txt in each directory where files have been encrypted
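
The ransom-note behaviour in the last item lends itself to a simple detection: the same note name being created in many directories on one host within a short time. The following is an added example, not CrowdStrike's own code; the event tuple format, host names, time window and directory threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

NOTE_NAME = "decrypt-files.txt"   # ransom note name given in the profile
WINDOW = timedelta(minutes=5)     # assumed: tune to your telemetry
MIN_DIRS = 3                      # assumed: distinct directories to alert

# Constructed file-creation events: (ISO timestamp, host, created path)
SAMPLE_EVENTS = [
    ("2020-03-02T10:15:01", "WS-014", r"C:\Users\amy\Documents\DECRYPT-FILES.txt"),
    ("2020-03-02T10:15:03", "WS-014", r"C:\Users\amy\Documents\report.docx"),
    ("2020-03-02T10:15:09", "WS-014", r"C:\Users\amy\Pictures\DECRYPT-FILES.txt"),
    ("2020-03-02T10:15:40", "WS-014", r"C:\Shares\Finance\decrypt-files.txt"),
    # A single copy (e.g. an analyst's sample) must not alert.
    ("2020-03-02T11:00:00", "FS-002", r"D:\IR\samples\DECRYPT-FILES.txt"),
    # Three directories, but spread over an hour: outside the window.
    ("2020-03-02T09:00:00", "WS-020", r"C:\a\DECRYPT-FILES.txt"),
    ("2020-03-02T09:30:00", "WS-020", r"C:\b\DECRYPT-FILES.txt"),
    ("2020-03-02T10:00:00", "WS-020", r"C:\c\DECRYPT-FILES.txt"),
]

def find_note_fanout(events, window=WINDOW, min_dirs=MIN_DIRS):
    """Return {host: (window_start, dirs)} for hosts where the note was
    created in >= min_dirs distinct directories within `window`."""
    per_host = defaultdict(list)
    for ts, host, path in events:
        p = PureWindowsPath(path)
        if p.name.lower() == NOTE_NAME:          # case-insensitive on Windows
            per_host[host].append((datetime.fromisoformat(ts), str(p.parent).lower()))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()                               # order by creation time
        start = 0
        for end in range(len(hits)):
            # Slide the left edge until the span fits inside the window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            dirs = {d for _, d in hits[start:end + 1]}
            if len(dirs) >= min_dirs:
                alerts[host] = (hits[start][0], sorted(dirs))
                break                             # one alert per host
    return alerts

if __name__ == "__main__":
    for host, (first, dirs) in find_note_fanout(SAMPLE_EVENTS).items():
        print(f"{host}: note in {len(dirs)} directories from {first.isoformat()}")
```

By the time the note appears, encryption in that directory has already happened, so this is a containment trigger for isolating the host rather than a prevention control.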

Targeted Nations

  • Algeria
  • Argentina
  • Australia
  • Austria
  • Belgium
  • Brazil
  • Canada
  • China
  • Colombia
  • Costa Rica
  • Czech Republic
  • Denmark
  • Egypt
  • France
  • Germany
  • Hong Kong
  • India
  • Italy
  • Japan
  • Kenya
  • Luxembourg
  • Macedonia
  • Netherlands
  • Nigeria
  • Norway
  • Oman
  • Puerto Rico
  • Saudi Arabia
  • Singapore
  • South Africa
  • South Korea
  • Spain
  • Sri Lanka
  • Switzerland
  • Thailand
  • United Arab Emirates
  • United Kingdom
  • United States
  • Vietnam
