Menu
Browse

Cyber Threat Actor: Spammers

Aliases: 4 aliases
Actor Type Location Known Incidents
 Icon
Criminal
United States of America
2 incidents
Profile

The threat actor is known by several aliases including Spammers, Spammer, Spam King, and Spamming Cowboy. Open‑source reporting indicates the actor operates from the United States of America. These names have appeared in public alerts describing a series of wiki‑based compromises.

The actor’s observed targets include educational institutions, government bodies, and international service portals. Specifically, universities in the United States, a state government website in Brazil, and a European Union job‑portal service have been affected. The geographic spread shows activity across North America, South America, and Europe. The intrusions involve the creation of spam pages that advertise fake Fortnite gift cards and cheats. Those pages contain phishing forms intended to collect user names and passwords.

To achieve this, the actor exploits vulnerabilities in MediaWiki and TWiki installations to gain unauthorized access. Once inside, they upload malicious content that replaces legitimate pages with the spam and phishing material. No specific malware families or exploit kits have been publicly linked to these operations. The actor’s tooling appears limited to web‑shell uploads or direct file manipulation within the compromised wiki platforms. Representative incidents from April 2023 include the compromise of the University of Massachusetts‑Amherst wiki and the Brazilian state government site. Both events were part of a broader campaign that also hit additional academic and government sites as well as the EU job‑portal. The campaign demonstrates a pattern of targeting widely used collaborative platforms for large‑scale credential‑phishing efforts.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
0 sources