Solntsepek

Malware Profile Updated 2 months ago
Solntsepek is a pro-Russian hacktivist persona rather than a malware family: the name refers to a group and its Telegram channel, which is used to claim attacks and leak stolen data. It is associated with Seashell Blizzard, the Russian state-sponsored threat actor affiliated with the GRU. Microsoft has identified Solntsepek as one of three hacktivist groups that regularly interact with Seashell Blizzard, alongside InfoCentr and the Cyber Army of Russia. Seashell Blizzard is the same GRU-linked cluster that other vendors track as Sandworm (and that CrowdStrike tracks as Voodoo Bear), so the link to Sandworm reported elsewhere is a link to the same actor under a different vendor name.

Following the Russian invasion of Ukraine in February 2022, observers noted a change in tactics from these groups, including greater coordination and more attention given to hacking groups serving as fronts, such as Zarya Hacknet and Solntsepek. The Ukrainian Cyber Alliance, a collective of Ukrainian hackers and hacking groups, reported a noticeable uptick in activity from Solntsepek since the invasion.

Solntsepek claimed responsibility for the December 2023 cyber attack on Kyivstar, Ukraine's largest telecommunications provider, which disrupted the operator's services and caused significant damage. In its claim the group said it had destroyed 10 thousand computers, over 4 thousand servers, all cloud storage and the backup systems, and justified the attack by stating that Kyivstar provides services to Ukrainian government agencies and armed forces. These figures are the group's own claims and have not been independently confirmed in the sources below. CrowdStrike assesses that Sandworm and its affiliate Solntsepek were responsible. The group has used pro-Russian Telegram channels, including XakNet Team and Solntsepek, to claim responsibility for hacks and to leak stolen information. Despite the public claim by Solntsepek, experts point to the strong likelihood that the operation was Sandworm activity, given the historical connection between the persona and the GRU unit; a hacktivist persona's claim should therefore be treated as an attribution signal, not as evidence of who carried out the intrusion.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Sandworm (3 votes): Sandworm, a threat actor linked to Russia, is known for its malicious cyber activities. These actions have been characterized by significant breaches and disruptions, primarily targeting Ukrainian entities. This group has demonstrated advanced capabilities, including the use of fileless attacks as d

Voodoo Bear (1 vote): VOODOO BEAR, also known as Sandworm, Seashell Blizzard, and other names such as Iridium, Iron Viking, Telebots, and APT44, is a highly advanced threat actor with a suspected nexus to the Russian Federation. First identified in January 2018, this group has been active since 2000 and operates under th

Seashell Blizzard (1 vote): Seashell Blizzard, also known as Iridium, Sandworm, Voodoo Bear, and APT44, is a state-sponsored threat actor group affiliated with the Russian military intelligence service (GRU). Microsoft has identified this group as distinct from other Advanced Persistent Threat (APT) groups operating under the

Sandworm Team (1 vote): The Sandworm Team, a threat actor associated with Russia's military intelligence-linked group, has demonstrated significant capabilities in developing custom malware to target Operational Technology (OT) and Industrial Control Systems (ICSs). Since at least 2015, the team has used the "BlackEnergy"
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Russia
Telegram
Microsoft
Blizzard
State Sponso...
Ukraine
Kyivstar
Cyberscoop
Associated Malware
No associations to display
Associated Threat Actors
XakNet Team (relationship unspecified, 1 vote): XakNet Team is a notable threat actor that has emerged amidst the escalation of conflict in Ukraine. This group, along with other self-proclaimed hacktivist groups such as CyberArmyofRussia_Reborn and Infoccentr, have surfaced since the beginning of the war, engaging in malicious cyber activities. X
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Solntsepek profile was read from the documents in the corpus below. This display is limited to 20 results.
BankInfoSecurity (3 months ago): The Global Menace of the Russian Sandworm Hacking Team
Checkpoint (4 months ago): 25th March – Threat Intelligence Report - Check Point Research
DARKReading (5 months ago): Microsoft Threat Report: How Russia’s War on Ukraine Is Impacting the Global Cybersecurity Community
CERT-EU (6 months ago): Russian Hackers Orchestrate Ukrainian Telecom Giant Attack
CERT-EU (a year ago): Pro-Russian hackers remain active amid Ukraine counteroffensive
Checkpoint (7 months ago): 18th December – Threat Intelligence Report - Check Point Research
CERT-EU (6 months ago): Russia's Sandworm blamed for Kyivstar telecom cyberattack
CERT-EU (6 months ago): Russian hackers wiped thousands of systems in KyivStar attack
CERT-EU (6 months ago): Russian hackers reportedly breached telecom network months before attack
CERT-EU (6 months ago): Russian Hackers Breached Ukraine Telecoms Giant Months Before Major Cyberattack: Report (National Cyber Security Consulting)
CERT-EU (6 months ago): Critical Infrastructure Remains the Brass Ring for Cyber Attackers in 2024
CERT-EU (7 months ago): Kyivstar Restores Full Services After Massive Hacker Attack (National Cyber Security Consulting)
CERT-EU (7 months ago): Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists
CERT-EU (7 months ago): Ukraine’s Largest Telecommunication Provider Paralysed by a Massive Cyberattack