| Field | Value |
|---|---|
| Names | Zombie Spider (CrowdStrike) |
| Country | Russia |
| Motivation | Financial gain |
| First seen | 2010 |
| Description | (CrowdStrike) The primary threat actor, who was tracked by CrowdStrike as Zombie Spider, rose to prominence in the criminal underground under the moniker Peter Severa. The individual behind this handle is Peter Yuryevich LEVASHOV, who was arrested in Spain when the final version of Kelihos was taken over in April 2017, and who recently pleaded guilty to operating the botnet for criminal purposes. For several years, pump-and-dump stock scams, dating ruses, credential phishing, money mule recruitment and rogue online pharmacy advertisements were the most common spam themes. In 2017, however, Kelihos was frequently used to spread other malware such as LuminosityLink, Zyklon HTTP, Neutrino, Nymaim, Gozi/ISFB, Panda Zeus, Kronos, and TrickBot. It was also observed spreading ransomware families including Shade, Cerber, and FileCrypt2. Kelihos has been observed to distribute TrickBot (Wizard Spider, Gold Blackburn) and Zeus Panda (Bamboo Spider, TA544). |
| Observed | Countries: Worldwide. |
| Tools used | Kelihos. |
| Operations performed | Feb 2017: Kelihos Spreads via USB Drives <https://www.securityweek.com/kelihos-spreads-usb-drives> |
| Counter operations | Mar 2012: On Wednesday, March 21, 2012, security experts from Dell SecureWorks, CrowdStrike, Kaspersky, and the Honeynet Project initiated efforts to detect and disrupt the operations of a botnet known as Waledac/Kelihos (also known as Hlux). <https://www.secureworks.com/research/waledac-kelihos-botnet-takeover> |
| | Apr 2017: Justice Department Announces Actions to Dismantle Kelihos Botnet <https://www.justice.gov/opa/pr/justice-department-announces-actions-dismantle-kelihos-botnet-0> |
| | Jun 2021: Russian National Convicted of Charges Relating to Kelihos Botnet <https://www.justice.gov/opa/pr/russian-national-convicted-charges-relating-kelihos-botnet> <https://therecord.media/kelihos-botnet-creator-sentenced-to-time-served/> |
| Information | <https://www.crowdstrike.com/blog/inside-the-takedown-of-zombie-spider-and-the-kelihos-botnet/> <https://www.crowdstrike.com/blog/farewell-to-kelihos-and-zombie-spider/> <https://en.wikipedia.org/wiki/Kelihos_botnet> |
Last change to this card: 09 August 2021