Cyber Resilience

Campaign · all campaigns

SPACEHOP ActivityC0052 state

🇨🇳 CN

aka SPACEHOP Activity

Last updated: 2026-07-03

0attributed CVEs
7ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[SPACEHOP Activity](https://attack.mitre.org/campaigns/C0052) is conducted through commercially leased Virtual Private Servers (VPS), otherwise known as provisioned Operational Relay Box (ORB) networks. The network leveraged for SPACEHOP Activity enabled China-nexus cyber threat actors – such as [APT5](https://attack.mitre.org/groups/G1023) and [Ke3chang](https://attack.mitre.org/groups/G0004) – to perform network reconnaissance scanning and vulnerability exploitation. SPACEHOP Activity has historically targeted entities in North America, Europe, and the Middle East.(Citation: ORB Mandiant)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
AC-33 / 743%
AC-43 / 743%
CA-73 / 743%
CM-63 / 743%
CM-73 / 743%
SC-73 / 743%
SI-103 / 743%
SI-152 / 729%
SI-32 / 729%
SI-42 / 729%
AC-21 / 714%
AC-51 / 714%
AC-61 / 714%
CA-21 / 714%
CM-21 / 714%

Co-occurring actors

None.

Similar actors

Same nation-state