SnowSoul is a financially motivated threat actor active since at least early 2026, operating a low-ransom extortion scheme primarily targeting Chinese organizations. The actor sends extortion demands of around $2,000 USD, and when victims refuse to pay, leaks stolen data on hacker forums. Operations are tracked through numbered identifiers (e.g., SnowSoul ID-1265, ID-1270), suggesting a systematic, serial campaign.
References
Actor metadata imported from Malpedia (Fraunhofer FKIE).