APT / THREAT GROUP · 💰 FINANCIAL · HIGH

VICE SPIDER

🇷🇺 Russia-attributed
Campaigns: 1
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

Vice Spider is a Russian-speaking ransomware group that has been active since at least April 2021 and is linked to a significant increase in identity-based attacks, with a reported 583% rise in Kerberoasting incidents. CrowdStrike attributes 27% of these intrusions specifically to Vice Spider, which exploits vulnerabilities in the Kerberos authentication protocol to crack user passwords.

Threat Analysis

VICE SPIDER is a high-sophistication threat actor attributed to Russia, engaged in cyber operations whose primary motivation is financial.

Financially motivated threat actors like VICE SPIDER prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, VICE SPIDER is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

Known Campaigns

VICE SPIDER — Active Operations March 2026

VICE SPIDER is a financially motivated threat actor attributed to Russia. Vice Spider is a Russian-speaking ransomware group that has been active since at least April 2021 and is linked to a significant increase in identity-based attacks, with a reported 583% rise in Kerberoasting incidents. CrowdStrike attributes 27% of these intrusions specifically t...

ACTIVE · MEDIUM · 2026

Quick Facts

Type: APT / Threat Group
Motivation: 💰 financial
Sophistication: high
Origin: 🇷🇺 Russia
Aliases: 1
Source: Malpedia

Also Known As

VICE SPIDER

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.