Who is SALTY SPIDER (Sality)?


Common Aliases


SALTY SPIDER is most commonly identified with the botnet it maintains (Sality) and its associated pseudonyms:


KuKu
SalLoad
Kookoo
SaliCode
Kukacka

SALTY SPIDER’s Origins


SALTY SPIDER is an eCrime group whose actions likely indicate that it is operating out of Russia – specifically in the Republic of Bashkortostan, a region close to the Kazakhstan border. This adversary has been linked to a botnet known as Sality, which is a polymorphic file infector first discovered in 2003.


Since 2008, the initial botnet has been superseded by at least three more advanced peer-to-peer (P2P) versions. Beginning in the summer of 2017, the botnet’s population grew significantly when it began exploiting the ETERNALBLUE vulnerability. Today, the latest versions of Sality are still both prevalent and formidable.


SALTY SPIDER’s Targets


The pervasiveness of SALTY SPIDER’s attacks has resulted in a long list of victims across the globe. While it seems, for the most part, that this adversary doesn’t single out particular nations and industries, there do appear to be a few pockets where SALTY SPIDER may be more prevalent.


Target Nations


Generally, SALTY SPIDER does not appear to be selective when it comes to the nations it targets — the group’s activities have been observed worldwide. However, CrowdStrike has observed higher volumes of Sality v3 infections in Romania and high volumes of v4 activity in Venezuela. The reason for these pockets of higher activity in Romania and Venezuela remains unknown.


Target Industries


In 2017, SALTY SPIDER ceased propagation of traditional proxy and spambot payloads, and shifted its sights towards the mining and theft of cryptocurrencies. This shift is likely an indicator that the cryptocurrency industry has proven to be a more lucrative area ..
