WailingCrab, also known as WikiLoader, is a sophisticated, multi-component malware delivered almost exclusively by an initial access broker tracked as Hive0133, which overlaps with TA544. WailingCrab was first observed in December 2022, and since then it has been used extensively in email campaigns to deliver the Gozi backdoor, often against Italian targets. In recent months, Hive0133 has targeted organizations beyond Italy with email campaigns delivering WailingCrab, frequently using themes such as overdue delivery or shipping invoices.

