APT / THREAT GROUP💰 FINANCIAL
spring
1
aliases
Intelligence Profile
spring — tracked by MISP Galaxy (ransomware).
Threat Analysis
spring is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.
Financially motivated threat actors like spring prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning spring
UK to require ID or face scan before you can make social media accounts
BleepingComputer· Jun 16, 2026
Great responsibility, without great power
Cisco Talos Blog· Apr 30, 2026
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
Krebs on Security· Mar 23, 2026
From Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFA
Trend Micro Research· Mar 17, 2026
Apache ActiveMQ Exploit Leads to LockBit Ransomware
The DFIR Report· Feb 23, 2026
Predator spyware hooks iOS SpringBoard to hide mic, camera activity
BleepingComputer· Feb 21, 2026
External References
Quick Facts
TypeAPT / Threat Group
Motivation💰 financial
Aliases1
Also Known As
spring
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.