Security News > 2023 > August > Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia

The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal.

Targets comprise government agencies, educational institutions, private security companies, aerospace manufacturers, agricultural producers, defense, energy, and healthcare firms in Russia and Serbia.

Positive Technologies' analysis of the attack infrastructure has revealed the threat actor's interest in harvesting PST email archives as well as making use of Deed RAT, a malware artifact exclusively attributed to the adversarial collective.

Under active development, the malware comes in both 32- and 64-bit versions and is equipped to dynamically retrieve additional plug-ins from a remote server.

Voidtools is the developer of a freeware desktop search utility for Microsoft Windows called Everything, with its forum powered using an open-source forum software called MyBB. The primary goal of Voidoor is to login to the forum using hard-coded credentials and access the user's personal messaging system to look for a folder matching a particular victim ID. Evidence shows that the accounts on GitHub and voidtools were registered sometime in November 2022.

"The hackers are working on new malware that implements unconventional techniques, such as voidoor, and modifying their existing malware," Positive Technologies said, adding the actors use a "Large number of publicly available tools for navigating networks" and leverage the Acunetix web vulnerability scanner to "Reconnoiter infrastructures it targets."

News URL

https://thehackernews.com/2023/08/researchers-expose-space-pirate-cyber.html