Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 20:43:51 UTC
 Other threat group: Shark Spider
Names Shark Spider (CrowdStrike)
Country Russia
Motivation Financial crime
First seen 2011
Description
(Kaspersky) Recently Kaspersky Lab has contributed to an alliance of law
enforcement and industry organizations, to undertake measures against the internet
domains and servers that form the core of an advanced cybercriminal infrastructure
that uses the Shylock Trojan to attack online banking systems around the globe.
Shylock is a banking Trojan that was first discovered in 2011. It utilizes man-in-the-browser attacks designed to pilfer banking login credentials from the PCs of clients
of a predetermined list of target organizations. Most of these organizations are
banks, located in different countries.
Observed
Sectors: Financial.
Countries: Worldwide.
Tools used Shylock.
Operations performed Jan 2013
New Version of Shylock Malware Spreading Through Skype
Counter operations Jul 2014
Global action targeting Shylock malware
Information Last change to this card: 14 April 2020
Download this actor card in PDF or JSON format
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=c967a0bb-d7ec-4955-83ca-8b90172ef9af
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=c967a0bb-d7ec-4955-83ca-8b90172ef9af
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=c967a0bb-d7ec-4955-83ca-8b90172ef9af
Page 2 of 2