ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > Salty Spider

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: Salty Spider

NamesSalty Spider (CrowdStrike)
CountryRussia Russia
MotivationFinancial gain
First seen2003
Description(CrowdStrike) The pervasiveness of Salty Spider’s attacks has resulted in a long list of victims across the globe. While it seems, for the most part, that this adversary doesn’t single out particular nations and industries, there do appear to be a few pockets where SALTY SPIDER may be more prevalent.

In 2017, SALTY SPIDER ceased propagation of traditional proxy and spambot payloads, and shifted its sights towards the mining and theft of cryptocurrencies. This shift is likely an indicator that the cryptocurrency industry has proven to be a more lucrative area for monetizing Sality.
ObservedCountries: Worldwide.
Tools usedSality.
Operations performedApr 2014DNS hijacking is still going strong and the Win32/Sality operators have added this technique to their long-lasting botnet. This blog post describes how the malware guesses router passwords as part of its campaign to misdirect users, send spam and infect new victims.
Dec 2018Sality has terrorized computer users since 2003, a year when personal digital assistants (PDAs) made tech headlines and office PCs ran Windows XP. Over the intervening years users traded their PDAs for smartphones and desktops migrated to newer operating systems and digital workplace solutions. Sality, however, survived the breakneck pace of technological innovation and continues to threaten organizations today.

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: Rocke, Iron Group
Next: Scully Spider, TA547

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]