216.73.216.204

Operation FishMedley targeting governments, NGOs, and think tanks

· Published 21/03/2025 10:33 · Modified 21/03/2025 14:46

Export JSON

Essential information

Published
21/03/2025 10:33
Modified
21/03/2025 14:46
Tags
2025-03-21 apt china espionage government i-soon ngo rpipecommander shadowpad sodamaster spyder think tank
Related entities
12 observables, 1 intrusion sets (apt), 18 techniques (mitre), 8 malware, 7 others

Description

ESET researchers have uncovered a global operation called Operation FishMedley, conducted by the FishMonger group, which is operated by the Chinese contractor . The campaign targeted governments, NGOs, and think tanks across Asia, Europe, and the United States during 2022. The attackers used implants like , , and , which are common or exclusive to -aligned threat actors. The operation involved sophisticated tactics including lateral movement, credential theft, and custom malware deployment. Seven victims were identified across various countries and sectors. The analysis provides technical details on the malware used, initial access methods, and command and control infrastructure.

External references