Company:
Date Published:
Author: CrowdStrike Counter Adversary Operations
Word count: 3226
Language: English
Hacker News points: None

Summary

ALPHA SPIDER, the group behind the Alphv ransomware-as-a-service (RaaS), has been observed by CrowdStrike using innovative and varied techniques in its ransomware operations over the past year. ALPHA SPIDER affiliates have used techniques such as abuse of NTFS Alternate Data Streams and network configuration tampering to evade detection and maintain persistence within targeted networks. They have also been noted for the speed of their attacks, leveraging dual-purpose tools and legitimate user accounts to carry out malicious activity. Despite these sophisticated methods, the affiliates often lack rigorous operational security, which gives defenders opportunities to detect and mitigate their activity. CrowdStrike's investigations have highlighted their persistent efforts to exfiltrate data using multiple methods and tools, underscoring the need for robust endpoint protection and timely incident response to counter their activities effectively.