G1003

G1003Ember Bear

Description

[Ember Bear](https://attack.mitre.org/groups/G1003) is a suspected Russian state-sponsored cyber espionage group that has been active since at least March 2021. [Ember Bear](https://attack.mitre.org/groups/G1003) has primarily focused their operations against Ukraine and Georgia, but has also targeted Western European and North American foreign ministries, pharmaceutical companies, and financial sector organizations. Security researchers assess [Ember Bear](https://attack.mitre.org/groups/G1003) likely conducted the [WhisperGate](https://attack.mitre.org/software/S0689) destructive wiper attacks against Ukraine in early 2022.(Citation: CrowdStrike Ember Bear Profile March 2022)(Citation: Mandiant UNC2589 March 2022)(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )

References

  1. https://attack.mitre.org/groups/G1003
  2. https://www.crowdstrike.com/blog/who-is-ember-bear/
  3. https://www.mandiant.com/resources/russia-invasion-ukraine-retaliation
  4. https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/

Software attributed to this1

TypeTargetConfidenceTier
SoftwareOutSteels1017100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
ENERGETIC BEAR
Group
Inception
Group
Sandworm Team
Group
Turla
Group
Gamaredon Group
Group
HEXANE
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.