Threat Actor Profile
Doppel Spider
Doppel Spider, also known as GOLD HERON, is a Russia-based cybercriminal group active since at least April 2019. They are infamous for operating ransomware families like DoppelPaymer and DoppelDridex, targeting organizations globally with sophisticated tactics.
Country of Origin
Doppel Spider is believed to originate from the Russian Federation, as indicated by their operational patterns and affiliations.
Members
The exact number of members is unclear, but the group is suspected to be a splinter faction of INDRIK SPIDER, indicating a well-coordinated team with advanced capabilities.
Leadership
The leadership of Doppel Spider remains unknown. However, their operations suggest a highly organized and skilled team.
Doppel Spider TTPs
Tactics
Doppel Spider primarily focuses on financial gain through ransomware attacks, targeting high-value organizations.
Techniques
They employ phishing campaigns, malware distribution, and network reconnaissance to infiltrate and exploit systems.
Procedures
Their methods include deploying ransomware like DoppelPaymer and DoppelDridex, leveraging stolen credentials, and conducting data exfiltration.
Notable Cyberattacks
One of their most significant operations involved a ransomware attack demanding 250 BTC, showcasing their ability to conduct high-stakes cybercrime.
Law Enforcement & Arrests
Law enforcement agencies, including Europol, have targeted Doppel Spider members, disrupting some of their operations.
How to Defend Against Doppel Spider
Implement robust email filtering to block phishing attempts.
Regularly update and patch systems.
Huntress solutions help protect organizations by monitoring endpoints, detecting intrusions, and mitigating Fancy Bear threats with enterprise-grade technology.