| SYMBOL | COMMON_NAME | aka. SYNONYMS |
SnowSoul is a financially motivated threat actor active since at least early 2026, operating a low-ransom extortion scheme primarily targeting Chinese organizations. The actor sends extortion demands of around $2,000 USD, and when victims refuse to pay, leaks stolen data on hacker forums. Operations are tracked through numbered identifiers (e.g., SnowSoul ID-1265, ID-1270), suggesting a systematic, serial campaign.
There are currently no families associated with this actor.
There are currently no references.