SpaceBears

Also known as: SpaceBears, space bears

SpaceBears is a ransomware group believed to be based in Moscow, Russia, that has taken credit for several high-profile cyberattacks while primarily operating as a Data Broker. They currently list eight organizations on their Data Leak Site, focusing on medium to small-sized targets. Their methods suggest a reliance on basic extortion strategies rather than sophisticated malware tactics, with no advanced techniques or indicators of ransomware detected.

🌍 Country Russia

Introduction

SpaceBears is a ransomware group believed to be based in Moscow, Russia, that has taken credit for several high-profile cyberattacks while primarily operating as a Data Broker. They currently list eight organizations on their Data Leak Site, focusing on medium to small-sized targets. Their methods suggest a reliance on basic extortion strategies rather than sophisticated malware tactics, with no advanced techniques or indicators of ransomware detected.

Activities and Tactics

Country of Origin: 🇷🇺 Russia

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • SPACESHIP
  • CyberGate
  • Small-Net
  • Cyber Eye RAT

Attribution and Evidence

Country of Origin: Russia Additional attribution information pending cataloguing.

References

References pending cataloguing.