Venomous Bear

Threat Actor updated 6 months ago (2024-05-18T00:17:31.708Z)
Venomous Bear, also known as Turla, Uroburos, Snake, and other names, is a threat actor group attributed to Center 16 of the Federal Security Service (FSB) of the Russian Federation. The group has been active since at least 2004, targeting diplomatic and government organizations, as well as private businesses in various regions including the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. Their activities have included cyberespionage and the deployment of ransomware, with notable incidents such as a damaging hack of Germany’s Foreign Ministry in 2017. Recently, Venomous Bear has focused its efforts on the Information Technology industry, specifically targeting Dragos. They have utilized a malware known as "Snake" or "Uroburos," which was identified in a search of information associated with computers constituting the Snake Malware Network. In addition to this, they have also employed a novel backdoor in their attacks named "TinyTurla-NG," which has been used against several non-governmental organizations across Poland between December and late January. Despite the long-standing attribution of certain campaigns to Venomous Bear, recent research suggests that some operations previously connected to the group were actually conducted by an entirely separate entity named "Tomiris." This revelation underscores the complexity and evolving nature of the threat landscape. Moreover, it highlights the need for continuous vigilance and the development of robust cybersecurity strategies to mitigate the risks posed by these sophisticated threat actors.
Description last updated: 2024-05-18T00:15:43.623Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Turla is a possible alias for Venomous Bear. Turla, a threat actor linked to Russia, is known for its sophisticated cyber espionage operations. The group has been associated with numerous high-profile attacks, often utilizing advanced backdoors and fileless malware for infiltration and persistence. Turla's tactics, techniques, and procedures ( | 6
Uroburos is a possible alias for Venomous Bear. Uroburos, also known as Snake, Turla, Pensive Ursa, and Venomous Bear, is a sophisticated malware linked to the Russian Federal Security Service (FSB). The development of this malicious software began in late 2003, with its operations traced back to at least 2004. Uroburos is part of a broader arsen | 5
Waterbug is a possible alias for Venomous Bear. Waterbug, also known as Turla, Venomous Bear, and several other names, is a cyberespionage group closely affiliated with the FSB Russian intelligence agency. The group has been active since at least 2004, targeting a variety of sectors including government entities, intelligence agencies, military, | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Malware
Backdoor
CrowdStrike
Associated Malware
Alias Description | Association Type | Votes
The TinyTurla Malware is associated with Venomous Bear. TinyTurla is a form of malware, malicious software designed to infiltrate and damage computer systems without the user's knowledge. It can enter systems via suspicious downloads, emails, or websites, and once inside, it has the potential to steal personal information, disrupt operations, or hold dat | Unspecified | 2
The Kazuar Malware is associated with Venomous Bear. Kazuar is a sophisticated multiplatform trojan horse malware that has been associated with the Russian-based threat group Turla, also known as Pensive Ursa, Uroburos, or Snake. This group, believed to be linked to the Russian Federal Security Service (FSB), has been operating since at least 2004 and | Unspecified | 2
Associated Threat Actors
Alias Description | Association Type | Votes
The Krypton Threat Actor is associated with Venomous Bear. Krypton, also known as Secret Blizzard or UAC-0003, is a significant threat actor that has been associated with Russia's Federal Security Service (FSB). This Advanced Persistent Threat (APT) group has been active since at least 2004, targeting diplomatic and government organizations as well as priva | Unspecified | 2
Source Document References
Information about the Venomous Bear Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At
Securityaffairs | 6 months ago
CERT-EU | 9 months ago
DARKReading | 9 months ago
Securityaffairs | 9 months ago
DARKReading | a year ago
CERT-EU | a year ago
CrowdStrike | a year ago
CERT-EU | a year ago
BankInfoSecurity | a year ago
MITRE | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago