ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > Space Pirates

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Space Pirates

NamesSpace Pirates (Positive Technologies)
Webworm (Symantec)
CountryChina China
MotivationInformation theft and espionage
First seen2017
Description(BleepingComputer) A previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems.

The threat group is believed to have started operating in 2017, and while it has links to known groups like APT 41 (Winnti), Mustang Panda, Bronze President, and Emissary Panda, APT 27, LuckyMouse, Bronze Union, it is thought to be a new cluster of malicious activity.

Russian threat analysts at Positive Technologies named the group 'Space Pirates' due to their espionage operations focusing on stealing confidential information from companies in the aerospace field.
ObservedSectors: Aerospace, Energy, IT.
Countries: Georgia, Mongolia, Serbia, Russia.
Tools used9002 RAT, BH_A006, Deed RAT, Gh0st RAT, MyKLoadClient, PCShare, PlugX, Poison Ivy, ShadowPad Winnti, Trochilus RAT, Zupdax.
Operations performedSep 2022Webworm: Espionage Attackers Testing and Using Older Modified RATs

Last change to this card: 06 September 2023

Download this actor card in PDF or JSON format

Previous: Sowbug
Next: Sphinx

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]