Company
Date Published
Author
-
Word count
3096
Language
English
Hacker News points
None

Summary

In a recent report, CrowdStrike Falcon Complete detailed a series of incidents in which the financially motivated eCrime group WIZARD SPIDER attempted to deploy ransomware after gaining access through compromised external remote services, such as Microsoft Remote Desktop Protocol (RDP), and then operating with tools such as Cobalt Strike. The Falcon Complete team observed a notable rise in RDP brute forcing by the adversary, alongside its traditional phishing-based initial access. Several tactics, techniques, and procedures (TTPs) pointed to WIZARD SPIDER, including Cobalt Strike stager DLLs written to directories on victim hosts and reconnaissance carried out with Windows utilities. The team detected, contained, and remediated the threat without disrupting client operations, and noted the adversary's evolving tradecraft, such as using Microsoft Office macros after initial access to evade security controls. The incident underscores the value of robust security practices, including multi-factor authentication and hardening of externally exposed remote services, as CrowdStrike continues to monitor and adapt to emerging threats.
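The RDP brute forcing described above leaves a characteristic trace in the Windows Security log: a burst of failed logons (event ID 4625) from one source address against one or more accounts, sometimes followed by a successful logon (event ID 4624) from the same address. The following detection is an added example, not code from CrowdStrike or the Falcon Complete report. The log lines are constructed and use a simplified one-line rendering of the event fields the rule needs; the threshold of five failures in ten minutes is an assumed tuning value, and the default filter on LogonType 10 (RemoteInteractive) is an assumption too, since hosts with Network Level Authentication enabled commonly record failed RDP attempts as LogonType 3, which is why the logon types are a parameter.

```python
"""Flag RDP brute-force bursts, and any success that follows them, from
Windows Security log lines (4625 = failed logon, 4624 = successful logon).

Added example; not CrowdStrike or Falcon Complete code. Sample lines are
constructed and keep only the fields this detection uses.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (real 4624/4625 records carry many more fields).
SAMPLE_EVENTS = [
    # Rapid failures against several accounts, then a success: the case to page on.
    "2024-03-01T02:00:01 4625 LogonType=10 User=administrator Src=203.0.113.7",
    "2024-03-01T02:00:09 4625 LogonType=10 User=admin Src=203.0.113.7",
    "2024-03-01T02:00:17 4625 LogonType=10 User=backup Src=203.0.113.7",
    "2024-03-01T02:00:25 4625 LogonType=10 User=svc_backup Src=203.0.113.7",
    "2024-03-01T02:00:33 4625 LogonType=10 User=svc_backup Src=203.0.113.7",
    "2024-03-01T02:00:41 4625 LogonType=10 User=svc_backup Src=203.0.113.7",
    "2024-03-01T02:01:02 4624 LogonType=10 User=svc_backup Src=203.0.113.7",
    # Two typos then a success from an internal address: benign.
    "2024-03-01T08:15:00 4625 LogonType=10 User=jdoe Src=10.20.30.40",
    "2024-03-01T08:15:20 4625 LogonType=10 User=jdoe Src=10.20.30.40",
    "2024-03-01T08:15:45 4624 LogonType=10 User=jdoe Src=10.20.30.40",
    # Five failures spread over two hours: below the rate threshold.
    "2024-03-01T09:00:00 4625 LogonType=10 User=jsmith Src=192.0.2.5",
    "2024-03-01T09:30:00 4625 LogonType=10 User=jsmith Src=192.0.2.5",
    "2024-03-01T10:00:00 4625 LogonType=10 User=jsmith Src=192.0.2.5",
    "2024-03-01T10:30:00 4625 LogonType=10 User=jsmith Src=192.0.2.5",
    "2024-03-01T11:00:00 4625 LogonType=10 User=jsmith Src=192.0.2.5",
    # Network (LogonType 3) failures: only counted if the caller asks for them.
    "2024-03-01T12:00:00 4625 LogonType=3 User=guest Src=198.51.100.20",
    "2024-03-01T12:00:01 4625 LogonType=3 User=guest Src=198.51.100.20",
    "2024-03-01T12:00:02 4625 LogonType=3 User=guest Src=198.51.100.20",
    "2024-03-01T12:00:03 4625 LogonType=3 User=guest Src=198.51.100.20",
    "2024-03-01T12:00:04 4625 LogonType=3 User=guest Src=198.51.100.20",
]


def parse_event(line):
    """Parse one simplified log line into a dict of typed fields."""
    ts, event_id, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return {
        "ts": datetime.fromisoformat(ts),
        "event_id": int(event_id),
        "logon_type": int(fields["LogonType"]),
        "user": fields["User"],
        "src": fields["Src"],
    }


def detect_rdp_bruteforce(lines, threshold=5, window_minutes=10, logon_types=(10,)):
    """Return one finding per source IP that produced at least `threshold`
    failed logons of the given types within `window_minutes`. If a successful
    logon from that source follows the burst, `succeeded_as` names the account."""
    window = timedelta(minutes=window_minutes)
    by_src = defaultdict(list)
    for ev in map(parse_event, lines):
        if ev["event_id"] in (4624, 4625) and ev["logon_type"] in logon_types:
            by_src[ev["src"]].append(ev)

    findings = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        recent = deque()          # failures inside the sliding window
        users, failures = set(), 0
        burst_start = succeeded_as = None
        for ev in events:
            if ev["event_id"] == 4625:
                failures += 1
                recent.append(ev)
                while ev["ts"] - recent[0]["ts"] > window:
                    recent.popleft()
                if burst_start is None and len(recent) >= threshold:
                    burst_start = recent[0]["ts"]      # burst confirmed
                    users.update(e["user"] for e in recent)
                elif burst_start is not None:
                    users.add(ev["user"])              # still spraying
            elif burst_start is not None and succeeded_as is None:
                succeeded_as = ev["user"]              # success after the burst
        if burst_start is not None:
            findings.append({
                "src": src,
                "failures": failures,
                "users": sorted(users),
                "burst_start": burst_start.isoformat(),
                "succeeded_as": succeeded_as,
            })
    return findings


if __name__ == "__main__":
    for f in detect_rdp_bruteforce(SAMPLE_EVENTS):
        severity = "CRITICAL" if f["succeeded_as"] else "warning"
        print(f"[{severity}] {f['src']}: {f['failures']} failures from "
              f"{f['burst_start']}, accounts {f['users']}, "
              f"success as {f['succeeded_as']}")
```

A burst followed by a success is the signal that matters most, because it means the brute force worked and the next step is usually hands-on-keyboard activity such as the Cobalt Strike staging and reconnaissance the report describes; a burst with no success is still worth blocking at the edge. The sliding window is what keeps the slow, spread-out failures from the internal user out of the findings, while widening `logon_types` to include 3 catches the same behaviour on NLA-enabled hosts.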