Space Pirates
Description
(BleepingComputer) A previously unknown Chinese hacking group known as ‘Space Pirates’ targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems.
The threat group is believed to have started operating in 2017, and while it has links to known groups like APT 41 (Winnti), Mustang Panda, Bronze President, and Emissary Panda, APT 27, LuckyMouse, Bronze Union, it is thought to be a new cluster of malicious activity.
Russian threat analysts at Positive Technologies named the group ‘Space Pirates’ due to their espionage operations focusing on stealing confidential information from companies in the aerospace field.
Names
| Name | Name-Giver |
|---|---|
| Space Pirates | Positive Technologies |
| Webworm | Symantec |
| Erudite Mogwai | Solar |
Country
Motivation
- Information theft and espionage
First Seen
2017
Observed Sectors
Observed Countries
Tools
- 9002 RAT
- BH_A006
- Deed RAT
- Gh0st RAT
- MyKLoadClient
- PCShare
- PlugX
- Poison Ivy
- ShadowPad Winnti
- Trochilus RAT
- Zupdax
Operations
- 2022-09: Webworm: Espionage Attackers Testing and Using Older Modified RATs https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/webworm-espionage-rats
- 2024-11: Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware https://thehackernews.com/2025/02/space-pirates-targets-russian-it-firms.html
Information
- https://www.bleepingcomputer.com/news/security/chinese-space-pirates-are-hacking-russian-aerospace-firms/
- https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/space-pirates-tools-and-connections/
- https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-a-look-into-the-group-s-unconventional-techniques-new-attack-vectors-and-tools/
Other Information
Uuid
0ca08038-12b4-4023-977f-ba63b4471cdb
Last Card Change
2025-03-02