Space Bears has posted three claimed victims in the past 30 days, with activity concentrated in Brazil (two claims) and a secondary hit in the Turks and Caicos Islands, marking a geographic shift away from the US-and-Europe focus described in earlier threat-intel writeups. Business services firms account for the majority of recent claimed targets, with one manufacturing victim also listed. The group is linked to Phobos ransomware-as-a-service infrastructure and employs double-extortion tactics, meaning it exfiltrates data before encrypting systems and threatens public release to pressure payment. Phobos-affiliated operators are known to disable backup and recovery mechanisms and abuse legitimate remote-access tools to move laterally before deploying encryption. Space Bears' cumulative victim count remains low at four claimed targets all-time, suggesting either selective targeting, a small operator pool, or significant underreporting.