Trusted Design

Saint Bear

アクターID: G1031

· MITRE Pageへのリンク

脅威アクターの詳細

Saint Bear is a Russian-nexus threat actor active since early 2021, primarily targeting entities in Ukraine and Georgia. The group is notable for a specific remote access tool, Saint Bot, and information stealer, OutSteel in campaigns. Saint Bear typically relies on phishing or web staging of malicious documents and related file types for initial access, spoofing government or related entities.(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )(Citation: Cadet Blizzard emerges as novel threat actor) Saint Bear has previously been confused with Ember Bear operations, but analysis of behaviors, tools, and targeting indicates these are distinct clusters.

脅威アクターの別名・別称

Saint Bear
Storm-0587
TA471
UAC-0056
Lorec53

利用した攻撃手法

関連するCVE (攻撃手法に関連)

Actor – Pulse グラフ

← 脅威アクター一覧に戻る