Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Also known as: Gold Heron, Grief Group, GOLD HERON
CrowdStrike Intelligence has identified a new ransomware variant identifying itself as BitPaymer. This new variant was behind a series of ransomware campaigns beginning in June 2019, including attacks against the City of Edcouch, Texas and the Chilean Ministry of Agriculture. We have dubbed this new ransomware DoppelPaymer because it shares most of its code with the BitPaymer ransomware operated by Indrik Spider . However, there are a number of differences between DoppelPaymer and BitPaymer, which may signify that one or more members of Indrik Spider have split from the group and forked the source code of both Dridex and BitPaymer to start their own Big Game Hunting ransomware operation. DoppelPaymer has been observed to be distributed by Smoke Loader (operated by Smoky Spider ) and Emotet (operated by Mummy Spider, TA542 ).
No exploited CVEs have been attributed to this threat actor yet.
Browse CVE Database