jstnk9
commented
9 months ago The information added related to Wizard Spider was obtained from
- https://strapi.eurepoc.eu/uploads/Eu_Repo_C_APT_profile_Conti_Wizard_Spider_dc2a733e18.pdf (for countries affected)
- https://apt.etda.or.th/cgi-bin/showcard.cgi?g=Wizard%20Spider%2C%20Gold%20Blackburn&n=1 (for sectors affected)
- https://www.prodaft.com/m/reports/WizardSpider_TLPWHITE_v.1.4.pdf (as Profdat says "The PRODAFT Threat Intelligence (PTI) team has assembled this report to provide in-depth knowledge about Conti malware and the group of threat actors that use it. Our team identified the group as Wizard Spider, and obtained visibility into its operational environment")
adulau
Added suspected victims to Gelsemium Threat Actor based on the ESET report in this link: https://www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/
The reference was already added.
They have a map with all the victims