Menu
Browse

Cyber Threat Actor: Petya

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Criminal
Ukraine
1 incident
Profile

The threatactor is known by the aliases Petya and GoldenEye. Public reporting associates the actor with activity originating from Ukraine, though no further geographic details are confirmed. The actor is primarily recognized for deploying ransomware that encrypts victim systems and demands payment in cryptocurrency. The malware families associated with the actor share code similarities and have been observed in coordinated campaigns. These characteristics have led to the actor being referenced in discussions of ransomware threats.

Observed operations have affected a wide range of sectors including maritime logistics, manufacturing, energy, government agencies and food production. The geographic impact of the attacks has been global, with initial infections frequently reported in Ukrainian and Russian networks before spreading to Europe, Asia, Australia and the Americas. The ransomware’s extortion model points to a financial motive, while the widespread operational disruption highlights a secondary impact on critical infrastructure. Technical analysis shows the actor relies on exploiting Windows vulnerabilities, notably the EternalBlue exploit, to gain initial access and propagate the ransomware across networks. Public attribution of the actor to a specific state sponsor or criminal consortium has not been established in the available sources. One of the most widely reported campaigns attributed to Petya/GoldenEye occurred in June 2017, when the ransomware disrupted operations at a major shipping company and subsequently affected numerous other organizations worldwide. The June 2017 incident illustrates the actor’s capacity to produce rapid, cross‑border impact using ransomware tactics similar to those seen in contemporaneous WannaCry activity. No further details about the actor’s internal structure, funding or size are disclosed in the referenced material. This profile summarizes the confirmed facts regarding the Petya/GoldenEye threat actor as presented in the source information.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources