🕷️ Two weeks ago I published a blog post on ALPHA SPIDER affiliates' TTPs. This blog post highlights various never publicly disclosed techniques used by several of their affiliates to:
- gain initial access;
- achieve persistence;
- obtain credentials;
- evade defenses;
- exfiltrate data.
Even though ALPHA SPIDER recently decided to shut down their RaaS platform (in what looks like an exit scam to defraud their own partners), their affiliates will likely just move to another RaaS and continue running their criminal operations.
"Sharing is caring", so do not hesitate to have a look at the blog post and use these shared insights from the frontline to improve your threat detection capabilities and keep your network secure from destructive attacks! https://www.crowdstrike.com/blog/anatomy-of-alpha-spider-ransomware/