ETDA ThaiCERT
Report
Search
Home > List all groups > Shark Spider

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: Shark Spider

NamesShark Spider (CrowdStrike)
CountryRussia Russia
MotivationFinancial crime
First seen2011
Description(Kaspersky) Recently Kaspersky Lab has contributed to an alliance of law enforcement and industry organizations, to undertake measures against the internet domains and servers that form the core of an advanced cybercriminal infrastructure that uses the Shylock Trojan to attack online banking systems around the globe.

Shylock is a banking Trojan that was first discovered in 2011. It utilizes man-in-the-browser attacks designed to pilfer banking login credentials from the PCs of clients of a predetermined list of target organizations. Most of these organizations are banks, located in different countries.
ObservedSectors: Financial.
Countries: Worldwide.
Tools usedShylock.
Operations performedJan 2013New Version of Shylock Malware Spreading Through Skype
<https://threatpost.com/new-version-shylock-malware-spreading-through-skype-011713/77416/>
Counter operationsJul 2014Global action targeting Shylock malware
<https://www.europol.europa.eu/newsroom/news/global-action-targeting-shylock-malware>
Information<https://securelist.com/shylockcaphaw-malware-trojan-the-overview/64599/>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: ShinyHunters
Next: Smoky Spider

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key