Don’t let overlooked obligations become incidents. Learn how.
Utility navigation bar redirect icon
Portal LoginSupportBlogContact
Search
Portal LoginSupportBlogContact
Search
Get a Demo
Start for Free
HomeThreat LibraryThreat Actors
Doppel Spider
Threat Actor Profile

Doppel Spider

Doppel Spider, also known as GOLD HERON, is a Russian-based cybercriminal group active since at least April 2019. They are infamous for operating ransomware families like DoppelPaymer and DoppelDridex, targeting organizations globally with sophisticated tactics.

Threat Actor Profile

Doppel Spider

Country of Origin

Doppel Spider is believed to originate from the Russian Federation, as indicated by their operational patterns and affiliations.

Members

The exact number of members is unclear, but the group is suspected to be a splinter faction of INDRIK SPIDER, indicating a well-coordinated team with advanced capabilities.

Leadership

The leadership of Doppel Spider remains unknown. However, their operations suggest a highly organized and skilled team.

Doppel Spider TTPs

Tactics

Doppel Spider primarily focuses on financial gain through ransomware attacks, targeting high-value organizations.

Techniques

They employ phishing campaigns, malware distribution, and network reconnaissance to infiltrate and exploit systems.

Procedures

Their methods include deploying ransomware like DoppelPaymer and DoppelDridex, leveraging stolen credentials, and conducting data exfiltration.

Want to Shut Down Threats Before They Start?

Schedule a Demo Today

Notable Cyberattacks

One of their most significant operations involved a ransomware attack demanding 250 BTC, showcasing their ability to conduct high-stakes cybercrime.

Law Enforcement & Arrests

Law enforcement agencies, including Europol, have targeted Doppel Spider members, disrupting some of their operations.

Glitch effectGlitch effect

How to Defend Against Doppel Spider

1

Implement robust email filtering to block phishing attempts.

2

Regularly update and patch systems.

3

Use endpoint detection and response (EDR) tools.

Huntress solutions help protect organizations by monitoring endpoints, detecting intrusions, and mitigating Doppel Spider threats withenterprise-grade technology.

References

Detect, Respond, Protect

See how the global Huntress SOC can augment your team
with 24/7 coverage and unmatched human expertise.
Start your free trial today.

Try Huntress for Free