Defending Against CORDIAL SPIDER and SNARKY SPIDER with Falcon Shield
ATT&CK techniques detected
T1566.002Spearphishing Link
75%
“defending against cordial spider and snarky spider with falcon shield since october 2025, crowdstrike counter adversary operations has observed a shift in intrusion tradecraft : threat actors are executing high - speed, saas - centric attacks that bypass traditional endpoint visi…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1528Steal Application Access Token
70%
“cordial spider and snarky spider impersonate it support and create urgency around account issues or security updates to direct employees to fraudulent aitm pages. these domains closely mimic legitimate corporate login portals ( e. g., < companyname > sso [. ] com, my < companynam…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1557.001Name Resolution Poisoning and SMB Relay
46%
“defending against cordial spider and snarky spider with falcon shield since october 2025, crowdstrike counter adversary operations has observed a shift in intrusion tradecraft : threat actors are executing high - speed, saas - centric attacks that bypass traditional endpoint visi…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1557Adversary-in-the-Middle
34%
“defending against cordial spider and snarky spider with falcon shield since october 2025, crowdstrike counter adversary operations has observed a shift in intrusion tradecraft : threat actors are executing high - speed, saas - centric attacks that bypass traditional endpoint visi…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…