Cyber Resilience

Threat actor · all actors

Wizard SpiderG0102 state

🇷🇺 RU

aka Wizard Spider, UNC1878, TEMP.MixMaster, Grim Spider, FIN12, GOLD BLACKBURN, ITG23, Periwinkle Tempest, DEV-0193, Pistachio Tempest, DEV-0237

Last updated: 2026-07-03

1attributed CVEs
92ATT&CK techniques
1.2IDF score (tooling uniqueness)
0exclusive CVEs
2026years active

About this actor

[Wizard Spider](https://attack.mitre.org/groups/G0102) is a Russia-based financially motivated threat group originally known for the creation and deployment of [TrickBot](https://attack.mitre.org/software/S0266) since at least 2016. [Wizard Spider](https://attack.mitre.org/groups/G0102) possesses a diverse arsenal of tools and has conducted ransomware campaigns against a variety of organizations, ranging from major corporations to hospitals.(Citation: CrowdStrike Ryuk January 2019)(Citation: DHS/CISA Ransomware Targeting Healthcare October 2020)(Citation: CrowdStrike Wizard Spider October 2020)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2026-20929 5.57.50.01142026-01-13see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-468 / 9274%
CM-661 / 9266%
AC-352 / 9257%
AC-651 / 9255%
AC-248 / 9252%
CM-248 / 9252%
CM-745 / 9249%
SI-342 / 9246%
CA-740 / 9243%
AC-538 / 9241%
IA-238 / 9241%
CM-537 / 9240%
SC-733 / 9236%
SI-732 / 9235%
AC-430 / 9233%

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs