Salty Spider
Description
(CrowdStrike) The pervasiveness of SALTY SPIDER’s attacks has resulted in a long list of victims across the globe. While it seems, for the most part, that this adversary doesn’t single out particular nations and industries, there do appear to be a few pockets where SALTY SPIDER may be more prevalent.
In 2017, SALTY SPIDER ceased propagation of traditional proxy and spambot payloads, and shifted its sights towards the mining and theft of cryptocurrencies. This shift is likely an indicator that the cryptocurrency industry has proven to be a more lucrative area for monetizing Sality.
Names
| Name | Name-Giver |
|---|---|
| Salty Spider | CrowdStrike |
Country
Motivation
- Financial gain
First Seen
2003
Observed Countries
Tools
Operations
- 2014-04: DNS hijacking is still going strong and the Win32/Sality operators have added this technique to their long-lasting botnet. This blog post describes how the malware guesses router passwords as part of its campaign to misdirect users, send spam and infect new victims. https://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute/
- 2018-12: Sality has terrorized computer users since 2003, a year when personal digital assistants (PDAs) made tech headlines and office PCs ran Windows XP. Over the intervening years users traded their PDAs for smartphones and desktops migrated to newer operating systems and digital workplace solutions. Sality, however, survived the breakneck pace of technological innovation and continues to threaten organizations today. https://threatvector.cylance.com/en_us/home/cylance-vs-sality-malware.html
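The router DNS changer described in the 2014-04 entry works by making the router's DHCP hand every client an attacker-controlled primary resolver, so one check a defender can run on endpoints is to compare the resolvers they actually received against an allowlist, paying most attention to the primary one. The following is an added Python example, not code from this card or from the ESET or CrowdStrike write-ups; the allowlisted resolvers, the sample `ipconfig /all` and `/etc/resolv.conf` text, and the 203.0.113.55 address (a TEST-NET-3 documentation address standing in for an attacker's resolver) are all constructed for illustration.

```python
import ipaddress
import re

# Resolvers this environment is expected to use (assumed values for the example:
# the LAN gateway plus two public resolvers; replace with your own allowlist).
EXPECTED_RESOLVERS = {"192.168.1.1", "9.9.9.9", "149.112.112.112"}

# RFC 1918 ranges, checked explicitly rather than via ipaddress.is_private, which
# also treats documentation ranges such as 203.0.113.0/24 as "private".
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the relevant part of `ipconfig /all` on a Windows host whose
# router (the DHCP server) now hands out an off-LAN primary DNS server.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.55
                                       192.168.1.1
"""

# Constructed sample: /etc/resolv.conf on a Linux host in the same situation.
SAMPLE_RESOLV_CONF = """\
# Generated by dhclient
nameserver 203.0.113.55
nameserver 192.168.1.1
search example.internal
"""

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"


def parse_resolvers(text):
    """Return the configured resolvers, in order, from ipconfig or resolv.conf text."""
    resolvers = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        m = re.match(r"\s*nameserver\s+(" + IPV4 + r")", line)
        if m:
            resolvers.append(m.group(1))
        elif re.match(r"\s*DNS Servers\b", line):
            m = re.search(IPV4, line)
            if m:
                resolvers.append(m.group(0))
            # ipconfig prints further servers on continuation lines holding only an IP
            while i + 1 < len(lines) and re.fullmatch(r"\s*" + IPV4 + r"\s*", lines[i + 1]):
                resolvers.append(lines[i + 1].strip())
                i += 1
        i += 1
    return resolvers


def audit_resolvers(resolvers, expected=EXPECTED_RESOLVERS):
    """Flag resolvers outside the allowlist. The primary (first) entry matters most:
    a DNS changer only needs to replace the primary to misdirect every lookup."""
    findings = []
    for position, ip in enumerate(resolvers):
        if ip in expected:
            continue
        addr = ipaddress.ip_address(ip)
        role = "primary" if position == 0 else "secondary"
        scope = "rfc1918" if any(addr in net for net in RFC1918) else "non-rfc1918"
        findings.append({
            "resolver": ip,
            "role": role,
            "scope": scope,
            "reason": f"{role} resolver {ip} ({scope}) is not in the allowlist",
        })
    return findings


def audit_text(text, expected=EXPECTED_RESOLVERS):
    """Convenience wrapper: parse then audit a captured config dump."""
    return audit_resolvers(parse_resolvers(text), expected)


if __name__ == "__main__":
    for name, sample in (("ipconfig", SAMPLE_IPCONFIG), ("resolv.conf", SAMPLE_RESOLV_CONF)):
        for finding in audit_text(sample):
            print(f"[{name}] {finding['reason']}")
```

Run it against the output of `ipconfig /all` or the contents of `/etc/resolv.conf` collected from endpoints; a primary resolver that is neither the gateway nor an allowlisted public resolver is the signature the 2014 campaign leaves on clients, and a non-RFC1918 address in that position on a home or branch network deserves a look at the router's DNS settings and admin credentials.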
Information
Other Information
Uuid
f1ea7365-0f0a-44c5-afc4-13fdf0d874b7
Last Card Change
2020-04-14