Cyber Threat Actor: Sekhmet
| Actor Type | Location | Known Incidents |
Criminal
|
Russia
|
1 incident |
|---|
Profile
Sekhmet is a ransomware threat actor operating under that singular alias, with its activities publicly linked to Russia. The group gained visibility through a May 30, 2020 attack against Excis, an international IT firm providing security services to banking, military, and corporate clients. During this operation, Sekhmet exfiltrated data, deployed ransomware, and executed a coordinated pressure campaign to force ransom payment. Their public communications criticized Excis’s IT leadership by name—specifically director Finn Lyskov and IT manager Kunal Amodkar—while mocking the firm’s inability to secure its own infrastructure despite advertising services like firewall deployment and penetration testing. This targeting of an IT security provider suggests an interest in compromising organizations positioned to protect high-value sectors, though no broader sectoral or regional patterns are explicitly documented beyond this incident.
Sekhmet’s tactics center on data theft, restricted data leaks, and reputational coercion. In the Excis breach, they partially leaked stolen archives without passwords, threatening full access if ransom demands went unmet. They further amplified pressure by announcing intent to notify Excis’s clients about unprotected data on the firm’s servers, leveraging reputational damage as an extortion lever. The group publicly cited vulnerabilities exploited in the attack but did not disclose technical specifics. Their operations involved a dedicated leak site to broadcast claims and taunt victims, reflecting a preference for public shaming alongside financial extortion. No malware tooling beyond their namesake ransomware is referenced, and no collaborator groups or state affiliations are identified in available reporting. The Excis intrusion remains their only publicly detailed campaign, illustrating a focused but high-impact approach to compromising providers with access to sensitive client networks.
