Sixteen or more organizations across various sectors in Russia and Serbia have been subjected to attacks by the Space Pirates threat operation over the past 12 months, according to The Hacker News.
While cyberespionage and data theft continue to be the key priorities of Space Pirates in its attacks, the threat group, which was initially discovered in May 2022 and has been associated with the Webworm operation, has increased the scope of its intrusions, a Positive Technologies report showed.
Aside from targeting PST email archives, Space Pirates has also been leveraging the Deed RAT malware, which can fetch plug-ins such as Disk, a module that enables file and folder enumeration, arbitrary file writing, and command execution, and which also allows the deployment of the new Voidoor malware and other payloads, researchers noted.
"The hackers are working on new malware that implements unconventional techniques, such as Voidoor, and modifying their existing malware," said Positive Technologies.