Security researchers at PRODAFT published the results of its investigation into Wizard Spider, a threat actor that is believed to be associated with the Grim Spider and Lunar Spider hacking groups. The report was released on Wednesday and details the group’s illegal activities, including the practice of hiring cold callers to scare victims into paying ransom demands following a cyberattack. PRODAFT stated that Wizard Spider is likely of Russian origin and operates infrastructure that is composed of a complex set of groups and employees. The group has huge numbers of compromised devices that it controls and maintains a highly distributed professional workflow.

PRODAFT stated that many sophisticated cybercriminal operations today operate under business style models, including a financial framework to deposit, transfer, and launder money gained from illicit activities. The report suggests that Wizard Spider may command hundreds of millions of dollars in assets, some of which may be used for new software, tools, and paying for new hires. PRODAFT found that the company used these assets to hire cold callers to scare ransomware victims into giving into ransom demands.

Read More: Wizard Spider hackers hire cold callers to scare ransomware victims into paying up