Voodoo Bear is an alternate name for the group known as Sandworm Team

---

Voodoo Bear is an advanced persistent threat (APT) that has been active since at least 2014, targeting various industries including government agencies and defense contractors in South Korea, Japan, China, and the United States. The group's primary focus appears to be on gathering sensitive information related to military operations, foreign policy decisions, economic sanctions, and political activities of governments worldwide. Voodoo Bear has been linked to several high-profile cyber attacks in recent years, including Operation Troy, which targeted South Korean government agencies and defense contractors, as well as the 2018 Marriott International data breach that affected over 500 million guests worldwide. The group is known for its sophisticated tactics, such as spear-phishing emails with malicious attachments or links to compromised websites, and has been able to evade detection by using various techniques

Techniques, tactics and practices:

Voodoo Bear is an advanced persistent threat that has been active since at least 2014. The group's primary focus appears to be on gathering sensitive information related to military operations, foreign policy decisions, economic sanctions, and political activities of governments worldwide. Voodoo Bear uses various techniques such as spear-phishing emails with malicious attachments or links to compromised websites, targeted attacks against specific individuals within organizations, exploiting vulnerabilities in software systems, using social engineering tactics to gain access to sensitive information, and utilizing advanced evasion techniques that allow them to evade detection. The group has been able to successfully carry out high-profile cyber attacks such as Operation Troy targeting South Korean government agencies and defense contractors, the 2018 Marriott International data breach affecting over 500 million guests worldwide, and more recently a series of attacks against U.S.