19 January 2023

Russian darknet market Solaris hacked by rivals



Solaris Market, a large darknet drug marketplace, has reportedly been hacked by its much smaller rival, the recently launched Russian-language drug marketplace known as Kraken (not affiliated with the legitimate crypto exchange of the same name).

Solaris is a relatively new Russian darknet drug market believed to be the successor to the now-defunct Hydra Market, the world's largest and oldest darknet marketplace, which sold various illicit goods and services such as illegal drugs, stolen financial information, fraudulent identification documents, BTC cash-out services, and SSH/VPN services.

Solaris has reportedly been affiliated with Killnet, a pro-Kremlin hacktivist group known for its attacks on government institutions and private companies in several countries during the 2022 Russian invasion of Ukraine. According to a recent report from cybersecurity firm Hold Security, KillMilk, the founder of Killnet, publicly thanked the Solaris group for their “huge support” in an October 2022 interview with the Russian publication RT.

Blockchain analytics company Elliptic reported on Tuesday that users who attempted to access Solaris after January 13 were redirected to the Kraken marketplace, which claimed to have successfully taken over Solaris’ infrastructure, GitLab repository and project source code, thanks to “several huge bugs in the code”.

The Kraken team, which is also believed to be pro-Kremlin, said that it took them three days to steal the cleartext passwords and keys stored on Solaris' servers and disable their rival's Bitcoin server. Elliptic has confirmed that there has been no movement in Solaris-affiliated bitcoin addresses since January 13.

Kraken said that the Solaris hack was “a response to aggression in our direction” and that “the same applies to others.”

Neither Solaris nor Killnet has commented yet.

