Meet LUNAR SPIDER: The Inner Workings of an eCrime Adversary

To anticipate threat actors’ behavior, we must understand them. That’s why CrowdStrike closely tracks the evolution and activity of 257 named adversaries, including the eCrime actor LUNAR SPIDER.



“They almost behave like a startup; they’re constantly testing and innovating and developing what they’re doing,” Adam says of the group. “It’s an interesting paradigm when you think about how these eCrime actors operate.”



In this episode, Adam and Cristian take a deep dive into the inner workings of LUNAR SPIDER, discussing their role in the complex eCrime ecosystem, their collaboration with other adversaries, and the evolution of their techniques, including changes to the BokBot/IcedID malware over time and their eventual transition to the Lotus loader. Tune in to learn what defenders should know about this threat actor’s behavior and how to defend against their evolving activity.



Learn more about the eCrime ecosystem in this infographic.