CyberMaterial
SolarMarker (Infostealer) – Malware

June 13, 2024
Reading Time: 2 mins read
in Malware

SolarMarker

Type of Malware

Infostealer

Country of Origin

Russia

Date of initial activity

2020

Targeted Countries

United States
United Kingdom
Canada
Australia
India
Germany
France
Japan
South Korea
Brazil

Additional Names

Jupyter, Polazert, Yellow Cockatoo

Associated Groups

APT28 (Fancy Bear)
APT29 (Cozy Bear)
Charming Kitten

Motivation

Financial gain: stealing vast amounts of data that can be sold on criminal forums, leading to further exploitation and attacks.

Attack Vectors

Jupyter infections rely on SEO poisoning and search-engine redirects to lure users into downloading malicious files. Common delivery methods include malicious websites, drive-by downloads, and phishing emails. Users may unknowingly download Jupyter Infostealer when visiting compromised websites or clicking on malicious ads; the downloads most often arrive through the Firefox, Chrome, and Edge web browsers.

Targeted Systems

Windows

Tools

Cobalt Strike
Metasploit Framework
PowerShell
Rclone

Overview

SolarMarker, a notorious piece of malware known for its information-stealing capabilities, has been evolving its multi-tiered infrastructure since its emergence in 2021. Also referred to as Yellow Cockatoo, Polazert, and Jupyter Infostealer, this malware targets various sectors, including education, healthcare, and small to medium-sized enterprises (SMEs). To evade detection, SolarMarker employs advanced techniques such as Authenticode certificates and large zip files.

Targets

Multiple sectors, including education, healthcare, government, hospitality, and small and medium-sized enterprises. The malware targets both individuals and organizations.

How they operate

Since its inception in 2020, SolarMarker has demonstrated remarkable sophistication and resilience. The threat actors behind this malware have developed a multi-tiered infrastructure capable of quick reconstruction post-compromise. This agility allows SolarMarker to persist despite efforts from law enforcement and cybersecurity professionals to disrupt its operations.

SolarMarker’s evasion techniques are particularly noteworthy. The use of Authenticode certificates gives a veneer of legitimacy to its malicious payloads, making it harder for security systems to identify and block them. Additionally, by utilizing large zip files, SolarMarker can bypass traditional antivirus software that may struggle to thoroughly scan such extensive files.

The malware’s operations are structured around a layered infrastructure comprising at least two clusters: a primary cluster for active operations and a secondary cluster likely used for testing new strategies or targeting specific industries or regions. This separation enhances SolarMarker’s adaptability and resilience, complicating efforts to detect and eradicate it.

Recorded Future’s Network Intelligence has identified a significant number of victims across multiple sectors, including education, healthcare, government, hospitality, and SMEs. SolarMarker targets both individuals and organizations, exfiltrating vast amounts of data that can be sold on criminal forums, leading to further exploitation and subsequent attacks.
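The passage above notes that oversized archives can slip past scanners that cap the size of what they inspect. The following Python script is an added example, not code from the original page or from any vendor product: it triages a zip archive by comparing each member's compressed and uncompressed sizes, and flags any member that exceeds an assumed scanner limit, or that compresses so well that it is mostly padding, so the archive is routed to sandbox or manual analysis instead of being silently skipped. The size limit, the ratio threshold, and the sample archive are all constructed for illustration.

```python
import io
import zipfile

# Assumed thresholds (constructed for this example; real scanner limits vary by product).
MAX_SCANNED_MEMBER_BYTES = 16 * 1024 * 1024   # members above this are often skipped by AV
SUSPICIOUS_RATIO = 100.0                       # uncompressed/compressed; zero-padding compresses far better


def build_sample_archive() -> bytes:
    """Construct a sample zip in memory: one small text file plus one heavily padded member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "sample text")
        # Constructed stand-in for a padded executable: a 2-byte header followed by 20 MiB of zeros.
        zf.writestr("installer.exe", b"MZ" + b"\x00" * (20 * 1024 * 1024))
    return buf.getvalue()


def inspect_archive(data: bytes) -> dict:
    """Return per-member size data and a verdict for one zip archive held in memory.

    Only the central directory is read; members are never extracted, so a
    multi-gigabyte archive costs the same to triage as a small one.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.compress_size:
                ratio = info.file_size / info.compress_size
            else:
                ratio = float("inf")
            reasons = []
            if info.file_size > MAX_SCANNED_MEMBER_BYTES:
                reasons.append("exceeds_scan_limit")
            if ratio >= SUSPICIOUS_RATIO:
                reasons.append("padding_like_ratio")
            findings.append({
                "name": info.filename,
                "uncompressed": info.file_size,
                "compressed": info.compress_size,
                "ratio": round(ratio, 1),
                "reasons": reasons,
            })
    return {
        "archive_bytes": len(data),
        "members": findings,
        # Anything flagged means the archive must go to a deep scan rather than be skipped.
        "needs_deep_scan": any(m["reasons"] for m in findings),
    }


if __name__ == "__main__":
    report = inspect_archive(build_sample_archive())
    print(f"archive size on disk: {report['archive_bytes']} bytes")
    for member in report["members"]:
        print(f"{member['name']}: {member['uncompressed']} -> {member['compressed']} bytes, "
              f"ratio {member['ratio']}, reasons {member['reasons']}")
    print("needs deep scan:", report["needs_deep_scan"])
```

Because the check reads only the central directory, it is cheap enough to run on every archive at a mail gateway or download proxy; the point is to make "too big to scan" a reason to escalate rather than a reason to allow.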

MITRE Tactics and Techniques

  • TA0001: Initial Access
  • TA0002: Execution
  • TA0003: Persistence
  • TA0005: Defense Evasion
  • TA0006: Credential Access
  • TA0007: Discovery
  • TA0009: Collection
  • TA0010: Exfiltration

Impact / Significant Attacks

  • Attack on Educational Institutions: Targeted multiple educational institutions to steal sensitive data and disrupt operations.
  • Healthcare Sector Breach: Infiltrated healthcare organizations, leading to the exposure of patient records and other sensitive information.
  • SME Compromise: Conducted attacks on small and medium-sized enterprises, aiming to extract financial and operational data.
  • Government Agency Intrusion: Targeted government entities to gather classified or sensitive governmental information.

References
  • Exploring the Depths of SolarMarker’s Multi-tiered Infrastructure
  • Jupyter Rising: An Update on Jupyter Infostealer