
Space Pirates

Mitre

Alias

Space Pirates, Webworm

Country

China

Sponsor

Nil

Motivation

Information Theft and Espionage

First Seen

2017

Description

(BleepingComputer) A previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems.

The threat group is believed to have started operating in 2017, and while it has links to known groups like APT 41 (Winnti), Mustang Panda (Bronze President), and Emissary Panda (APT 27, LuckyMouse, Bronze Union), it is thought to be a new cluster of malicious activity.

Russian threat analysts at Positive Technologies named the group 'Space Pirates' due to their espionage operations focusing on stealing confidential information from companies in the aerospace field.

Targeted Industries

Aerospace, Energy, IT

Targeted Countries

Georgia, Mongolia, Russia

Tools

9002 RAT
BH_A006
Deed RAT
Gh0st RAT
MyKLoadClient
PcShare
PlugX
Poison Ivy
ShadowPad Winnti
Trochilus RAT
Zupdax

TTP

Nil

Operations Performed

[2022-09] Webworm: Espionage Attackers Testing And Using Older Modified RATs (https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/webworm-espionage-rats)

Counter Operations

Nil

Information
