Fancy Bear and Venomous Bear: What’s the difference between the two threat groups?
July 28, 2019 | Threat Actors
- Fancy Bear, also known as the Sofacy threat group, is a Kremlin-based cyber-espionage group.
- Venomous Bear, better known as the Turla threat group, is a Russia-based cyber-espionage group.
Fancy Bear threat group
Fancy Bear, also known as the Sofacy threat group, is a Kremlin-based cyber-espionage group. The threat group’s other names include APT28, Strontium, Tsar Team, and Pawn Storm. Fancy Bear primarily targets government entities and the defense, energy, and media sectors.
Sofacy’s major attacks
Sofacy, aka Fancy Bear, is said to be responsible for attacks on the following:
- The German Parliament (2014)
- TV5Monde, the French Television Station (2015)
- The White House (2015)
- NATO (2015)
- The Democratic National Committee (2016)
- IAAF (International Association of Athletics Federations) (2017)
- The International Olympic Committee (2018) and more.
Venomous Bear threat group
Venomous Bear, better known as the Turla threat group, is a Russia-based cyber-espionage group. This threat group is also known as Snake, Group 88, Waterbug, WRAITH, Uroburos, Pfinet, TAG_0530, KRYPTON, Hippo Team, Pacifier APT, Popeye, SIG23, and Iron Hunter. Venomous Bear primarily targets governments, militaries, and embassies.
Turla’s major attacks
- The US Central Command (2008)
- The office of the prime minister of a former Soviet Union member country (2012)
- The Swiss technology company RUAG (2014)
- G20 attendees, including politicians, policy makers, and journalists (April 2017)
- Germany’s government computer network (March 2018)
- Germany’s Federal Foreign Office and the Federal College of Public Administration.
Malicious tools used by the groups
Fancy Bear widely uses malware such as ADVSTORESHELL, CHOPSTICK, JHUHUGIT, and XTunnel. The group has also developed several custom malware families, such as Foozer, WinIDS, X-Agent, X-Tunnel, and DownRange.
On the other hand, the Turla APT group has been known to use malicious tools such as Gazer, KopiLuwak, ICEDCOFFEE, Carbon backdoor, Moonlight Maze, Mosquito backdoor, Mimikatz, Outlook backdoor, and LightNeuron backdoor.
While both threat groups are cyber-espionage groups primarily targeting government entities, their attack vectors, targets, and malware differ.