Solntsepek

Malware updated a month ago (2024-11-29T14:01:57.540Z)
Download STIX
Preview STIX
Solntsepek is a notorious malware associated with the Russian state-sponsored threat actor, Seashell Blizzard, which is affiliated with the GRU. The group has been identified by Microsoft as one of the three hacktivist groups that regularly interact with Seashell Blizzard, alongside InfoCentr and the Cyber Army of Russia. Solntsepek has also been linked to Sandworm, another group tied to Russia's military intelligence. Notably, following the Russian invasion in February 2022, there have been observable changes in tactics from these groups, including greater coordination and attention given to hacking groups serving as fronts, such as Zarya Hacknet and Solntsepek. The Ukrainian Cyber Alliance, a collective of hackers and various hacking groups in Ukraine, reported a noticeable uptick in cyber activities from Solntsepek since the invasion. Solntsepek claimed responsibility for a major cyber attack against Ukraine's largest telecommunications provider, disrupting operations and causing significant damage. The group reportedly destroyed 10 thousand computers, over 4 thousand servers, all cloud storage, and backup systems. This attack was focused primarily on entities providing services to Ukrainian government agencies and armed forces. CrowdStrike, a cybersecurity firm, believes that Sandworm and its affiliate Solntsepek were responsible for the attack. Solntsepek has previously claimed responsibility for the Kyivstar attack, and CrowdStrike tracks Sandworm under the alias VooDoo Bear. The group has used pro-Russian Telegram channels, including XakNet Team and Solntsepek, to claim responsibility for hacks and leak stolen information. Despite Solntsepek claiming responsibility, experts point to the strong likelihood of Sandworm group activities due to their historical connection.
Description last updated: 2024-04-17T15:15:36.824Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Sandworm is a possible alias for Solntsepek. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Russia
Telegram
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Solntsepek Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more