| SYMBOL | COMMON_NAME | aka. SYNONYMS |
SnowSoul is a financially motivated threat actor active since at least early 2026, operating a low-ransom extortion scheme primarily targeting Chinese organizations. The actor sends extortion demands of around $2,000 USD, and when victims refuse to pay, leaks stolen data on hacker forums. Operations are tracked through numbered identifiers (e.g., SnowSoul ID-1265, ID-1270), suggesting a systematic, serial campaign.
There are currently no families associated with this actor.
| 2026-04-10
⋅
DailyDarkWeb
⋅
Guangdong Caiding Market Group Faces Data Breach After Extortion SnowSoul |
| 2026-04-02
⋅
DailyDarkWeb
⋅
SnowSoul Attack Hits Multiple Chinese Organizations SnowSoul |
| 2026-03-16
⋅
HackNotice
⋅
Hualun New Materials Suffers Massive Data Breach by SnowSoul SnowSoul |