HOMETHREATSSPACESHIP
APT / THREAT GROUP

SPACESHIP

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

SPACESHIP searches for files with a specified set of file extensions and copies them to

a removable drive. FireEye believes that SHIPSHAPE is used to copy SPACESHIP to a removable drive,

which could be used to infect another victim computer, including an air-gapped computer. SPACESHIP is

then used to steal documents from the air-gapped system, copying them to a removable drive inserted

into the SPACESHIP-infected system

Threat Analysis

SPACESHIP is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

SPACESHIPwin.spaceship

External Intelligence

Malpedia: win.spaceship

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
SPACESHIP — APT / Threat Group | Threat Intelligence | CTIWATCH.COM