APT / THREAT GROUP | 💰 FINANCIAL | HIGH

Webworm

🇨🇳 China-attributed
1 campaign
2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

Space Pirates is a cybercrime group that has been active since at least 2017. They primarily target Russian companies and have been observed using various malware, including Deed RAT and ShadowPad. The group uses a combination of publicly available tools and their own protocols to communicate with their command-and-control servers.

Threat Analysis

Webworm is a high-sophistication threat actor attributed to China whose cyber operations are primarily financially motivated.

Financially motivated threat actors like Webworm prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, Webworm is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

Known Campaigns

Webworm — Active Operations March 2026

Webworm is a financial threat actor attributed to China. Space Pirates is a cybercrime group that has been active since at least 2017. They primarily target Russian companies and have been observed using various malware, including Deed RAT and ShadowPad. The group uses a combination of publicly available tools and their own protocols t...

ACTIVE | MEDIUM | 2026

Quick Facts

Type: APT / Threat Group
Motivation: 💰 financial
Sophistication: high
Origin: 🇨🇳 China
Aliases: 2
Source: Malpedia

Also Known As

Webworm, Space Pirates

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.