Space Pirates Turn Cyber Sabers on Russian, Serbian Organizations

Since late 2019, the Space Pirates cybercrime group has focused its efforts on espionage and data theft. But in recent months, researchers have noticed changes in methodology, indicating the group has unlocked a treasure trove of new technical know-how.

Not only have the Space Pirates run up the number of attacks in recent months, they've been using new, unconventional malware and techniques, researchers with Positive Technologies warn. Once reliant almost exclusively on backdoors, the Pirates have recently started using Deed RAT in significantly ramped-up attacks against Russian companies, the researchers said in their latest report.

"The Space Pirates group uses a large number of publicly available tools for navigating networks," the report said. "The hackers also use Acunetix to reconnoiter infrastructures it targets. Meanwhile, the group's tactics have hardly changed."

Over the past year, Positive Technologies said at least 17 organizations have been victims of Space Pirates' cyberattacks on critical infrastructure, including Russian and Serbian institutions spanning government, defense, education, agriculture, energy, and information security.

"The cybercriminals' main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks," Positive Technologies said in its report.