Threat Intelligence

APT group uses OneDrive in cyber espionage vs Russia


Cybersecurity experts have uncovered a series of sophisticated cyberattacks by the advanced persistent threat group known as Space Pirates that target IT organizations and government agencies in Russia and neighboring regions, reports GBHackers.

The group, which also goes by the name Erudite Mogwai, has a history of cyber espionage dating back to 2017. The most recent attacks were detected in November 2024 and showcased the group's advanced tactics, including the use of Microsoft OneDrive as a command-and-control channel.

Routing command-and-control traffic through OneDrive let the operators issue commands and exfiltrate data covertly: connections to a widely trusted cloud service blend in with legitimate sync traffic and are seldom blocked by egress filtering, so the abuse of OneDrive's reputation became the evasion mechanism.
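The practical consequence of a cloud-service C2 channel is that blocking the destination is not an option, so detection has to key on who is talking to OneDrive and how regularly. The script below is an added example for this article, not code from the researchers or from the Space Pirates tooling. It assumes a JSON-lines proxy/EDR export with fields `ts`, `host`, `process`, `dest`, `path` and `bytes_out` (a hypothetical schema), uses Microsoft Graph and OneDrive hostnames as the indicator of OneDrive traffic, and flags two things: OneDrive connections from processes outside an assumed allowlist, and fixed-interval polling (beaconing) by any process. The log lines, the process name `svchost_update.exe` and the `tasks.dat` path are constructed for the demonstration.

```python
"""Hunt for OneDrive / Microsoft Graph traffic that looks like a C2 channel.

Added example (not from the article or the group's tooling). The log schema,
the process allowlist and the sample events are assumptions for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Hostnames used for OneDrive file operations (Graph API and consumer OneDrive).
ONEDRIVE_HOSTS = {"graph.microsoft.com", "api.onedrive.com", "onedrive.live.com"}
ONEDRIVE_SUFFIXES = ("-my.sharepoint.com", ".files.1drv.com")

# Processes assumed to legitimately talk to OneDrive on a workstation.
EXPECTED_PROCESSES = {"onedrive.exe", "msedge.exe", "chrome.exe", "outlook.exe",
                      "excel.exe", "winword.exe"}

# Constructed sample: on WS01 a binary named svchost_update.exe polls Graph every
# 60 s for a "tasks" file, while the real OneDrive.exe syncs at irregular times.
SAMPLE_LOGS = """
{"ts": "2024-11-12T09:00:00Z", "host": "WS01", "process": "OneDrive.exe", "dest": "graph.microsoft.com", "path": "/v1.0/me/drive/root/delta", "bytes_out": 512}
{"ts": "2024-11-12T09:00:03Z", "host": "WS01", "process": "svchost_update.exe", "dest": "graph.microsoft.com", "path": "/v1.0/me/drive/root:/tasks.dat:/content", "bytes_out": 210}
{"ts": "2024-11-12T09:01:03Z", "host": "WS01", "process": "svchost_update.exe", "dest": "graph.microsoft.com", "path": "/v1.0/me/drive/root:/tasks.dat:/content", "bytes_out": 210}
{"ts": "2024-11-12T09:02:03Z", "host": "WS01", "process": "svchost_update.exe", "dest": "graph.microsoft.com", "path": "/v1.0/me/drive/root:/tasks.dat:/content", "bytes_out": 212}
{"ts": "2024-11-12T09:03:03Z", "host": "WS01", "process": "svchost_update.exe", "dest": "graph.microsoft.com", "path": "/v1.0/me/drive/root:/tasks.dat:/content", "bytes_out": 210}
{"ts": "2024-11-12T09:04:03Z", "host": "WS01", "process": "svchost_update.exe", "dest": "graph.microsoft.com", "path": "/v1.0/me/drive/root:/tasks.dat:/content", "bytes_out": 211}
{"ts": "2024-11-12T09:07:41Z", "host": "WS01", "process": "OneDrive.exe", "dest": "graph.microsoft.com", "path": "/v1.0/me/drive/root/delta", "bytes_out": 498}
{"ts": "2024-11-12T09:19:12Z", "host": "WS01", "process": "OneDrive.exe", "dest": "graph.microsoft.com", "path": "/v1.0/me/drive/root/delta", "bytes_out": 503}
{"ts": "2024-11-12T09:20:00Z", "host": "WS02", "process": "chrome.exe", "dest": "onedrive.live.com", "path": "/", "bytes_out": 1200}
"""


def is_onedrive_host(host: str) -> bool:
    """True for hostnames that carry OneDrive / Graph drive traffic."""
    host = host.lower()
    return host in ONEDRIVE_HOSTS or host.endswith(ONEDRIVE_SUFFIXES)


def parse_events(raw: str) -> list:
    """Parse JSON lines into dicts, converting 'ts' to a timezone-aware datetime."""
    events = []
    for line in raw.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        events.append(event)
    return events


def unexpected_process_findings(events: list) -> list:
    """OneDrive connections from processes not on the allowlist."""
    return [e for e in events
            if is_onedrive_host(e["dest"]) and e["process"].lower() not in EXPECTED_PROCESSES]


def beaconing_findings(events: list, min_events: int = 4, max_jitter: float = 0.1) -> list:
    """Flag (host, process, dest) series whose inter-request gaps are nearly constant.

    max_jitter is the allowed coefficient of variation (stdev / mean) of the gaps;
    real sync clients are bursty, while a polling backdoor keeps a fixed cadence.
    """
    series = defaultdict(list)
    for e in events:
        if is_onedrive_host(e["dest"]):
            series[(e["host"], e["process"].lower(), e["dest"].lower())].append(e["ts"])

    findings = []
    for (host, process, dest), stamps in series.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({"host": host, "process": process, "dest": dest,
                             "count": len(stamps), "interval_s": avg})
    return findings


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOGS)
    for f in unexpected_process_findings(evts):
        print("unexpected process:", f["host"], f["process"], f["dest"], f["path"])
    for f in beaconing_findings(evts):
        print("beaconing:", f)
```

The two checks are complementary: an implant that injects into a browser or the real OneDrive client passes the allowlist check but still shows up on the cadence check, while a backdoor with randomized sleep defeats the cadence check but not the allowlist. Tune `EXPECTED_PROCESSES` per fleet and raise `min_events` on noisy hosts to keep the beaconing check from firing on short-lived regular bursts.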

Central to their campaign is the LuckyStrike Agent, a .NET-based backdoor with unique capabilities. LuckyStrike facilitates remote task execution, reconnaissance, and persistent access to compromised systems with a focus on high-value targets in aerospace, energy, and public administration sectors.

Space Pirates also customized the open-source Stowaway proxy tool, integrating LZ4 compression, XXTEA encryption, and QUIC protocol support to enhance stealth and efficiency.

The attack, which is believed to have begun in March 2023 or earlier, involved over 20 tools and compromised critical infrastructure, including Active Directory servers.
