Adversary

Venomous Bear

ORIGIN

Russian Federation

Community Identifiers

Turla, KRYPTON, Uroboros, Snake, Waterbug, IRON HUNTER

Venomous Bear often adopts novel and sophisticated techniques to maintain operational security, including the use of a distinctive command-and-control network highly likely to be supported by Signals Intelligence (SIGINT) assets.

Initial network intrusion processes conducted by the adversary can also be characterized as particularly considerate of operational security concerns; their extensive use of Strategic Web Compromise (SWC) techniques is combined with several checks to identify, prioritize, and deploy malware only to specific targets. In cases where spearphishing techniques are used to deploy malware, the adversary will often deploy lightweight reconnaissance tooling to verify targeting before upgrading hosts to more sophisticated malware capability at a later time.

Their operations have been supported by a large number of custom-developed malware families uniquely attributable to the adversary, including Snake, Chinch, Skipper, Kazuar, and Gayzer. A number of tools employed by the adversary have broadly been derived from two main development code bases, although a diversified series of malware families has been developed and deployed since approximately 2015, likely to reduce their exposure to detection and attribution.

RECENT ACTIVITY

In 2019, Venomous Bear has continued to diversify its toolset, including the deployment of a new dropper and a malicious PowerShell script to deploy and install elements of its unique Chinch framework, and the introduction of .NET- and Python-based tooling in SWC operations. Continued targeting of Eastern European government institutions has also been identified, supported by the development of new variants of the Kazuar malware.

Targeted Nations

  • Afghanistan
  • Argentina
  • Austria
  • Belarus
  • Belgium
  • Brazil
  • Bulgaria
  • Cyprus
  • Czech Republic
  • Denmark
  • Estonia
  • Finland
  • France
  • Georgia
  • Germany
  • Hungary
  • India
  • Iraq
  • Italy
  • Jordan
  • Kazakhstan
  • Kuwait
  • Latvia
  • Lithuania
  • Moldova
  • Montenegro
  • Netherlands
  • Poland
  • Qatar
  • Romania
  • Russian Federation
  • Saudi Arabia
  • Singapore
  • South Korea
  • Spain
  • Sweden
  • Switzerland
  • Turkey
  • Ukraine
  • United Kingdom
  • United States
  • Uzbekistan
