3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
SMESHARIKI HACKER GROUP

SMESHARIKI HACKER GROUP

ID: 95bcd06892e304511d11c862e7d22ea830659
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion, DDoS Attack, Data Leak, Pro-Russia
Russia UKR
Updated: 2026-03-14
Created: 2026-02-22
Progress: 83% Completeness: 88% Freshness: 70%
Operation zone: Ukraine
Aliases Limited alias preview
SHG SMESHARIKI См******* См*************
Showing 2 of 4 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

«Смешарики» (SMESHARIKI HACKER GROUP) is referenced in OSINT as a pro‑Russia hacktivist brand co-claiming incidents with Perunswaroga, including hack‑and‑leak narratives against Ukraine-linked services (veterans service in Dec 2025; MamaPapa clinics in Feb 2026) with claims of sensitive personal/medical data exposure and disruption pressure. Public reporting is claim-driven with limited victim-side telemetry; ATT&CK mapping is conservative, focusing on data collection/exfiltration claims and social-platform amplification. Intrusion methods are marked INFERENCE due to insufficient evidence.


Technique Technique name Tactics Evidence
T1585.001 Social Media Accounts TA0042
  • 2026-02-13 — Repost archives reflect Telegram-based claim amplification and statement distribution for the MamaPapa incident. · ref
  • 2026-02-09 — Reporting describes claims communicated by the actors to SecPost, consistent with Telegram-coordinated hacktivist ecosystems. · ref
T1567 Exfiltration Over Web Service TA0010
  • 2026-02-09 — Claimed exfiltration of ~73GB of sensitive data from MamaPapa clinics; treat as claim-driven without victim telemetry. · ref
  • 2025-12-29 — Claimed breach of Ukrainian veterans service and publication of screenshots; indicates data exposure intent. · ref
T1589 Gather Victim Identity Information TA0043
  • 2026-02-09 — Claims involve sensitive identity and medical-related personal data (passports, test results) per reporting; indicates victim identity information targeting/exposure. · ref
T1498 Network Denial of Service TA0040
  • 2026-02-09 — Site notice reportedly stated the site was blocked by «Смешарики»; suggests availability interference (claim-driven). · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-23T03:29:49+00:00

SMESHARIKI HACKER GROUP («Смешарики») — Pro‑Russia Hacktivist Brand (Hack‑and‑Leak Claims + DDoS/Disruption Messaging)

Classification: TLP: WHITE — Open Source Intelligence (OSINT)

Category: Cyber / Hybrid — Hacktivism (data-theft claims + disruption); Telegram‑amplified propaganda

Assessed home base: INFERENCE: Russia‑aligned ecosystem (confidence: medium)


Executive Summary

The entity branded as «Смешарики» is referenced in open reporting as a pro‑Russia hacktivist group involved in hack‑and‑leak style claims against Ukraine-linked targets. The most concrete, repeated OSINT references place «Смешарики» as a co-claimant with Perunswaroga in two separate narratives: (1) a claimed compromise of a Ukrainian service for veterans (December 2025) and (2) a claimed compromise of the Ukrainian DNA-testing clinic network MamaPapa (February 2026), including a stated large-volume data exfiltration claim and a public site notice attributing disruption to «Смешарики».

A critical analytic caveat is name collision: “Smeshariki/Смешарики” is also the name of a well-known Russian children’s cartoon brand. OSINT clearly uses the term as a hacktivist label in the incidents cited here, but defenders should avoid conflating unrelated entertainment channels or spam channels that reuse the same name.

Confidence is medium–high that «Смешарики» is an active brand used in pro‑Russia hacktivist claim ecosystems (multiple sources and cross-posts reference claims). Confidence is low–medium on the full scope of technical capability and the exact compromise method because publicly accessible victim-side telemetry is limited and the reporting is largely claim-driven.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — SMESHARIKI HACKER GROUP


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — SMESHARIKI HACKER GROUP («Смешарики») (Hack‑and‑Leak Claims + Disruption Pressure)


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-23T03:31:00+00:00

IOC Appendix (TLP:WHITE) — SMESHARIKI HACKER GROUP

Note: Reviewed OSINT for SMESHARIKI HACKER GROUP is claim- and reporting-driven, with limited stable technical IOCs (hashes, dedicated C2). This appendix prioritizes behavioral indicators relevant to hack-and-leak operations and availability pressure.

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-23T03:31:13+00:00

OSINT Library — SMESHARIKI HACKER GROUP («Смешарики»)


2025-12-29 — SecPost — “Perunswaroga and «Смешарики» claim compromise of a Ukrainian veterans service; screenshots and end-2025 recency claim”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/1
Address Verification SOCMINT
t.me/sme************** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–2 of 2 images
Logo Free Preview
Logo
Logo Free Preview
Logo