Widely attributedUnknownShedding Zmiy
Russian-nexus threat actor targeting Russian critical infrastructure and government organisations with destructive attacks. Tracked by F.A.C.C.T. and associated with pro-Ukrainian or hacktivist motivations.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low0.1
Low signal strength
Mentions1
Sources1
High conf.0
Last seenMay 2026
First observed
—
Last active
—
Origin
Russia
Aliases
1
Techniques
0
Campaigns
0
Russia
TargetsGovernmentCritical Infrastructure
RegionsRussiaEastern Europe
Attribution signals
1 mention · 1 source#1unspecified
Malware
solar4rays
May 2026