We are fundraising! Click the link to learn how you can be an investor into Atlas News!

Space Pirates: A Sophisticated Cyber Threat Targeting Russia and Serbia

Space Pirates: A Sophisticated Cyber Threat Targeting Russia and Serbia


In recent months, the threat actor known as Space Pirates has emerged as a formidable cyber adversary, actively targeting companies and organizations in Russia and Serbia. With a history of large-scale activities, this group has evolved its tactics, employing novel techniques and developing new cyberweapons to achieve its objectives. This article provides an in-depth analysis of the Space Pirates’ cyber campaign, as revealed by researchers from Positive Technologies in their comprehensive report published on July 24, 2023, along with subsequent developments and the ongoing efforts to counter this cyber menace.

Space Pirates’ Expanding Targets:
The report by Positive Technologies Expert Security Center (PT ESC) exposes the scope and scale of Space Pirates’ attacks over the past year. Initially known for espionage and the theft of confidential information, the group has widened its interests, targeting government agencies, educational institutions, security firms, aviation and aerospace companies, agricultural producers, military entities, fuel and energy companies, as well as information security companies across Russia and Serbia.

Continued Evolution of Tactics and Tools:
Despite its expanding targets, the core objectives of Space Pirates remain espionage and data theft. The group has been relentless in its efforts to develop new tools and improve existing ones. Researchers have identified the presence of an Acunetix scanner on one of the Space Pirates’ Command-and-Control (C2) servers, suggesting a likely attack vector via vulnerability exploitation.

The Unconventional Techniques of Voidoor and Deed RAT:
One of the most concerning developments in Space Pirates’ arsenal is the use of a previously undocumented malware called Voidoor. This malware contacts a legitimate forum called Voidtools and a GitHub repository associated with a user named “hasdhuahd” for command-and-control (C2). By exploiting hard-coded credentials, Voidoor gains access to the user’s personal messaging system to search for a folder corresponding to a specific victim ID.

Additionally, Space Pirates has adopted the use of Deed RAT, a successor to ShadowPad and PlugX, commonly employed by Chinese cyber espionage groups. Deed RAT comes in both 32- and 64-bit versions and can dynamically retrieve additional plug-ins from a remote server, granting the hackers extended control over compromised systems.

Potential Chinese Connection:
While the origins of the threat actor remain elusive, various indicators suggest that the developer of the tools used by Space Pirates may have Chinese roots. The group’s techniques are reminiscent of those employed by Chinese groups like APT41, including hosting servers on Choopa and using specific files for dll-hijacking.

Positive Technologies’ Response and Recommendations:
Positive Technologies’ ongoing monitoring and response to cyber threats have been vital in unearthing the Space Pirates’ activities. The research highlights the need for proactive measures to defend against these sophisticated attacks. The company recommends the use of traffic analyzers and sandboxes to identify complex malware and offers products like PT Network Attack Discovery (PT NAD) and PT Sandbox to detect malicious activities, prevent attacks, and identify infected hosts in the network.

Space Pirates continues to be a significant cyber threat, with an ever-evolving arsenal of tools and techniques targeting organizations in Russia and Serbia. The vigilance of cybersecurity experts and the implementation of proactive measures are crucial to safeguarding against these sophisticated attacks. As the cybersecurity landscape evolves, continued research and collaboration remain essential to combating threats posed by groups like Space Pirates.


– Authored by contributor Anthony J. Daw

Joshua Paulo
Joshua Paulo
Joshua Paulo founded GoodHistory in 2018 on the premise that news and history blend to make well-informed politics. He has a degree in Criminal Justice, a background in public service, and is studying for a Masters degree in International Relations. With several years of experience in analysis and journalism, he now leads a team of professionals and is a proud contributor to several publications, all revolving around a common desire to bring unbiased news information to the people. Editor and writer for Atlas News.
- Sponsor -spot_img
- Sponsor -spot_img

Week's Top Stories

More In This Category

PKK Claims Responsibility for Ankara Attack

According to ANF News, the Kurdistan Workers' Party (PKK)...

Taliban Officials Take Part in Moscow Format, Discuss Future of Afghanistan to Regional Powers

What to Know Taliban officials are currently in the city...

Chinese Hackers Obtain Access to U.S Government Emails, State Department and Diplomatic Files Among Tens of Thousands Stolen

In July 2023, Microsoft's mailing infrastructure was breached during...

At Least One Killed in Thailand Mall Shooting, 14-Year-Old Suspect in Custody

What to Know: Thai authorities have reported that at least...