high_confidence
SPACEHOP Activity
[SPACEHOP Activity](https://attack.mitre.org/campaigns/C0052) is conducted through commercially leased Virtual Private Servers (VPS), otherwise known as provisioned Operational Relay Box (ORB) networks. The network leveraged for SPACEHOP Activity enabled China-nexus cyber threat actors – such as [APT5](https://attack.mitre.org/groups/G1023) and [Ke3chang](https://attack.mitre.org/groups/G0004) – to perform network reconnaissance scanning and vulnerability exploitation. SPACEHOP Activity has historically targeted entities in North America, Europe, and the Middle East.(Citation: ORB Mandiant)
Start date
1 January 2019
End date
1 May 2024
Techniques
4
Attributed actors
Techniques (4)
command-and-control1
T1090.003Multi-hop Proxy
initial-access1
T1190Exploit Public-Facing Application
resource-development2
T1588.002Tool
T1583.003Virtual Private Server
Indicators of compromise
No IOCs linked to this campaign yet.