ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > Space Pirates

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Space Pirates

NamesSpace Pirates (Positive Technologies)
CountryChina China
MotivationInformation theft and espionage
First seen2017
Description(BleepingComputer) A previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems.

The threat group is believed to have started operating in 2017, and while it has links to known groups like APT 41 (Winnti), Mustang Panda, Bronze President, and Emissary Panda, APT 27, LuckyMouse, Bronze Union, it is thought to be a new cluster of malicious activity.

Russian threat analysts at Positive Technologies named the group 'Space Pirates' due to their espionage operations focusing on stealing confidential information from companies in the aerospace field.
ObservedSectors: Aerospace, Energy.
Countries: Georgia, Mongolia, Russia.
Tools usedBH_A006, Deed RAT, MyKLoadClient, PCShare, PlugX, Poison Ivy, ShadowPad Winnti, Zupdax.
Information<https://www.bleepingcomputer.com/news/security/chinese-space-pirates-are-hacking-russian-aerospace-firms/>
<https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/space-pirates-tools-and-connections/>

Last change to this card: 19 July 2022

Download this actor card in PDF or JSON format

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]