Campaign · all campaigns
SPACEHOP ActivityC0052 state
🇨🇳 CN
aka SPACEHOP Activity
Last updated: 2026-07-03
0attributed CVEs
7ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
—years active
About this actor
[SPACEHOP Activity](https://attack.mitre.org/campaigns/C0052) is conducted through commercially leased Virtual Private Servers (VPS), otherwise known as provisioned Operational Relay Box (ORB) networks. The network leveraged for SPACEHOP Activity enabled China-nexus cyber threat actors – such as [APT5](https://attack.mitre.org/groups/G1023) and [Ke3chang](https://attack.mitre.org/groups/G0004) – to perform network reconnaissance scanning and vulnerability exploitation. SPACEHOP Activity has historically targeted entities in North America, Europe, and the Middle East.(Citation: ORB Mandiant)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
AC-3 | 3 / 7 | 43% |
AC-4 | 3 / 7 | 43% |
CA-7 | 3 / 7 | 43% |
CM-6 | 3 / 7 | 43% |
CM-7 | 3 / 7 | 43% |
SC-7 | 3 / 7 | 43% |
SI-10 | 3 / 7 | 43% |
SI-15 | 2 / 7 | 29% |
SI-3 | 2 / 7 | 29% |
SI-4 | 2 / 7 | 29% |
AC-2 | 1 / 7 | 14% |
AC-5 | 1 / 7 | 14% |
AC-6 | 1 / 7 | 14% |
CA-2 | 1 / 7 | 14% |
CM-2 | 1 / 7 | 14% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- FLORAHOX Activity 0.45
- CostaRicto 0.29
- POLONIUM 0.29
- J-magic Campaign 0.25
- PittyTiger 0.25
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00