ESET research reveals Operation FishMedley
Verticals targeted during Operation FishMedley include governments, NGOs, and think tanks across Asia, Europe, and the United States.
Operators used implants, such as ShadowPad, SodaMaster, and Spyder, that are common or exclusive to China-aligned threat actors.
ESET assesses with high confidence that Operation FishMedley was conducted by the FishMonger APT group.
Independent of the Department of Justice (DOJ) indictment, ESET Research confirms that FishMonger is operated by I-SOON.
Dubai, UAE: The US Department of Justice (DOJ) recently unsealed an indictment against employees of the Chinese contractor I SOON for their involvement in multiple global espionage operations. Those include attacks that ESET Research previously documented in its Threat Intelligence reports and attributed to the FishMonger group — I-SOON's operational arm — including one involving seven organizations ESET identified as being targeted in a 2022 campaign that ESET named Operation FishMedley. Alongside the indictment, the FBI (which refers to FishMonger as Aquatic Panda) added those named to its Most Wanted list. The indictment describes several attacks that are strongly related to what we published in a private APT intelligence report in early 2023. Today, ESET Research shares technical knowledge about this global campaign that targeted governments, nongovernmental organizations (NGOs), and think tanks across Asia, Europe, and the United States.
'During 2022, ESET investigated several compromises where implants such as ShadowPad and SodaMaster, which are commonly employed by China-aligned threat actors, were used. We were able to cluster seven independent incidents for Operation FishMedley,' says ESET researcher Matthieu Faou, who investigated FishMonger's operation. 'During our research, we were able to independently confirm that FishMonger is an espionage team operated by I SOON, a Chinese contractor based in Chengdu that suffered an infamous document leak in 2024.' adds Faou.
During 2022, in Operation FishMedley, FishMonger attacked governmental organizations in Taiwan and Thailand, Catholic charities in Hungary and the United States, an NGO in the United States, a geopolitical think tank in France, and an unknown organization in Turkey. These verticals and countries are diverse, but most are of obvious interest to the Chinese government.
In most cases, the attackers seemed to have privileged access inside the local network, such as domain administrator credentials. Operators used implants, such as ShadowPad, SodaMaster, and Spyder, that are common or exclusive to China-aligned threat actors. Among other tools used by FishMonger in FishMedley are a custom password exfiltrating passwords; a tool used to interact with Dropbox, likely used to exfiltrate data from the victim's network; the fscan network scanner; and a NetBIOS scanner.
FishMonger — a group operated by the Chinese contractor I SOON — falls under the Winnti Group umbrella and is most likely operating out of China, from the city of Chengdu, where I-SOON's office remains likely to be located. FishMonger is also known as Earth Lusca, TAG 22, Aquatic Panda, or Red Dev 10. ESET published an analysis of this group in early 2020 when it heavily targeted universities in Hong Kong during the civic protests that started in June 2019. The group is known to operate watering-hole attacks. FishMonger's toolset includes ShadowPad, Spyder, Cobalt Strike, FunnySwitch, SprySOCKS, and the BIOPASS RAT.
For a more detailed analysis and technical breakdown of FishMonger's operation, FishMedley, check out the latest ESET Research blog post, 'Operation FishMedley,' on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.
About ESET
ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of known and emerging cyberthreats — securing businesses, critical infrastructure, and individuals. Whether it's endpoint, cloud or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. An ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and X.
Media Contact
Sanjeev
Vistar Communications
PO Box 127631
Dubai, UAE
Email: sanjeev@vistarmea.com
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Gulf Today
5 hours ago
- Gulf Today
Sharjah and China strengthen cooperation and partnership
Sharjah Asset Management, the investment arm of the Government of Sharjah, has concluded a strategic visit to the People's Republic of China. The visit aimed to strengthen international cooperation and expand partnership opportunities between the two countries in the areas of research and development, knowledge exchange, and the exploration of promising opportunities in new sectors. This initiative is part of the broader efforts to enhance bilateral relations between the UAE and China and contribute to driving sustainable development in the Emirate of Sharjah. During the visit, Sharjah Asset Management signed a Memorandum of Understanding (MoU) with (CICC), in the presence of Sheikh Saud Bin Mohammed Al Qasimi, Deputy Chairman of Sharjah Asset Management; Omar Al Mulla, CEO Ossol Investment; Saeed Sharar, CEO Ossol investments; along with a group of CEOs and directors from Sharjah Asset Management, and a delegation representing the Bank of China. Sheikh Saud Bin Mohammed Al Qasimi, stated:'This agreement marks a new starting point for a fruitful collaboration with CICC. This partnership will open new horizons for research, investment, innovation, and the exchange of expertise and knowledge between both parties. It will also pave the way for meaningful achievements across key sectors such as finance, technology, and sustainable development, ultimately contributing to long-term economic progress.' A spokesperson from (CICC) affirmed that the partnership with Sharjah Asset Management reflects the company's commitment to strengthening Acooperation between China and the UAE, and to exploring new opportunities that this partnership offers—particularly in the fields of research and development. 'By leveraging our mutual strengths, we can address challenges and seize opportunities within our respective markets, while expanding our reach across regional and international markets,' the spokesperson stated. The Memorandum of Understanding outlines a joint commitment to collaborate on innovative research projects aimed at delivering practical and sustainable solutions that benefit both the Emirati and Chinese economies. It further seeks to enhance growth opportunities in vital sectors such as technology, financial services, environmental sustainability, and sustainable investment strategies. The MoU establishes a solid framework for joint research initiatives designed to foster innovative solutions and drive long-term, sustainable growth. The Memorandum of Understanding is expected to result in a series of joint initiatives, including the organization of specialized workshops and seminars, as well as the implementation of applied research projects that align with the strategic priorities of both parties. The focus will be on sustainable investment practices and innovative solutions that generate long-term economic benefits. This partnership reflects the shared vision of both sides to enhance international cooperation, achieve sustainable economic growth, and build strong strategic relationships. It lays the foundation for future partnerships that will further strengthen the economic ties between China and the United Arab Emirates. The company's delegation visited 23 leading Chinese companies across various key sectors to explore investment and cooperation opportunities. Among the visits were the Beijing Opera House and Stadium, accompanied by the Dafa Industrial Group. The delegation also explored the latest LiDAR technologies by 'Seyond', a leader in this advanced field, and examined promising investment opportunities and applications in the automotive and transportation sectors. During visits to ' and ' the delegation was introduced to potential collaboration in the fields of artificial intelligence, autonomous mobility, and robotaxi technology. The delegation also visited 'Ding Dong Limited' in Shanghai, a company specializing in the delivery of fresh foods, where they explored best practices in logistics, warehouse management, facilities management, and e-retail. Additionally, they visited 'H World Group', which operates over 11,000 hotels across 19 countries, to gain insights into hotel operations and discuss potential expansion and partnership opportunities in the Emirate of Sharjah. The UAE and China enjoy strong economic and trade relations, with China being the UAE's largest trading partner and the UAE remaining China's largest partner in the Middle East and North Africa region. Nearly 15,500 Chinese companies have operated in the UAE markets so far. Separately, Ras Al Khaimah Economic Zone (RAKEZ) recently concluded a multi-city business mission across China, further solidifying its role in advancing UAE-China trade and investment relations. The delegation participated in several high-level B2B engagements, the prestigious 'UAE – China (Sichuan) Economic & Trade Cooperation Promotion Conference' event, hosted by the Embassy of the UAE in Beijing, as well as the Invest UAE Roadshow in Guangzhou led by the UAE Ministry of Investment. WAM
Sharjah 24
7 hours ago
- Sharjah 24
Sharjah Asset Management concludes visit to China
During the visit, Sharjah Asset Management signed a Memorandum of Understanding (MoU) with(CICC), in the presence of Sheikh Saud bin Mohammed Al Qasimi, Deputy Chairman of Sharjah Asset Management; Omar Al Mulla, CEO Ossol Investment; Saeed Sharar, CEO Ossol investments; along with a group of CEOs and directors from Sharjah Asset Management, and a delegation representing the Bank of China. Sheikh Saud bin Mohammed Al Qasimi, stated:'This agreement marks a new starting point for a fruitful collaboration with CICC. This partnership will open new horizons for research, investment, innovation, and the exchange of expertise and knowledge between both parties. It will also pave the way for meaningful achievements across key sectors such as finance, technology, and sustainable development, ultimately contributing to long-term economic progress.' A spokesperson from (CICC) affirmed that the partnership with Sharjah Asset Management reflects the company's commitment to strengthening Acooperation between China and the UAE, and to exploring new opportunities that this partnership offers—particularly in the fields of research and development. "By leveraging our mutual strengths, we can address challenges and seize opportunities within our respective markets, while expanding our reach across regional and international markets," the spokesperson stated. The Memorandum of Understanding outlines a joint commitment to collaborate on innovative research projects aimed at delivering practical and sustainable solutions that benefit both the Emirati and Chinese economies. It further seeks to enhance growth opportunities in vital sectors such as technology, financial services, environmental sustainability, and sustainable investment strategies. The MoU establishes a solid framework for joint research initiatives designed to foster innovative solutions and drive long-term, sustainable growth. The Memorandum of Understanding is expected to result in a series of joint initiatives, including the organization of specialized workshops and seminars, as well as the implementation of applied research projects that align with the strategic priorities of both parties. The focus will be on sustainable investment practices and innovative solutions that generate long-term economic benefits. This partnership reflects the shared vision of both sides to enhance international cooperation, achieve sustainable economic growth, and build strong strategic relationships. It lays the foundation for future partnerships that will further strengthen the economic ties between China and the United Arab Emirates. On the sidelines of the visit to China, Sheikh Saud bin Mohammed Al Qasimi, Vice Chairman of Sharjah Asset Management, met with His Excellency Hussain bin Ibrahim Al Hammadi, the UAE Ambassador to the People's Republic of China. The company's delegation visited 23 leading Chinese companies across various key sectors to explore investment and cooperation opportunities. Among the visits were the Beijing Opera House and Stadium, accompanied by the Dafa Industrial Group. The delegation also explored the latest LiDAR technologies by "Seyond", a leader in this advanced field, and examined promising investment opportunities and applications in the automotive and transportation sectors. During visits to " and " the delegation was introduced to potential collaboration in the fields of artificial intelligence, autonomous mobility, and robotaxi technology. The delegation also visited "Ding Dong Limited" in Shanghai, a company specializing in the delivery of fresh foods, where they explored best practices in logistics, warehouse management, facilities management, and e-retail. Additionally, they visited "H World Group", which operates over 11,000 hotels across 19 countries, to gain insights into hotel operations and discuss potential expansion and partnership opportunities in the Emirate of Sharjah.
Al Etihad
9 hours ago
- Al Etihad
Wall Street ticks higher as tech boost offsets economic worries
4 June 2025 19:00 (REUTERS)US stocks edged higher on Wednesday, as strength in technology shares offset declines driven by weak economic data that deepened concerns about the impact of the Trump administration's erratic trade US services sector contracted for the first time in nearly a year in May, while businesses paid higher input prices, a reminder that the economy was still at risk of experiencing a period of very slow growth and high ADP National Employment Report showed US private employers added the fewest number of workers in more than two years in May. Investors are awaiting Friday's nonfarm-payrolls data for more signs on how trade uncertainty is affecting the US labour doubled tariffs on imported steel and aluminum to 50% on Wednesday, the same day by which President Donald Trump wanted trading partners to make their best offers to avoid other punishing import levies from taking effect in early focus is squarely on tariff negotiations between Washington and its trading partners, with Trump and Chinese leader Xi Jinping expected to speak sometime this week as tensions simmer between the world's two biggest was the best month for the S&P 500 index and the tech-heavy Nasdaq since November 2023, thanks to a softening of Trump's harsh trade stance and upbeat earnings S&P 500 remains less than 3% away from its record highs touched in joined a slew of other brokerages in raising its year-end price target for the S&P 500, pointing to easing trade uncertainty and expectations of normalised earnings growth in 10:36 a.m. ET, the Dow Jones Industrial Average rose 88.09 points, or 0.20%, to 42,605.07, the S&P 500 gained 17.36 points, or 0.29%, to 5,987.73 and the Nasdaq Composite gained 58.41 points, or 0.31%, to 19, of the 11 major S&P 500 sub-sectors rose, led by communication services with a 1.2% rise, while information technology stocks gained 0.4%.Shares of Hewlett Packard Enterprise rose 1.1% as demand for the company's artificial-intelligence servers and hybrid cloud segment helped it beat estimates for second-quarter revenue and rose 2.2% after the chip manufacturer announced plans to increase its investments to $16 dropped 3.8%. The electric-vehicle maker's sales dropped for the fifth straight month in big European Fargo shares rose 1.2% after the U.S. Federal Reserve removed a $1.95 trillion asset cap imposed in 2018 following years of of cybersecurity firm CrowdStrike slumped 4.7% after it forecast quarterly revenue below Tree fell 10.2% after the discount store operator forecast second-quarter adjusted profit would be as much as 50% lower than a year ago due to tariff-driven issues outnumbered decliners by a 2.02-to-1 ratio on the NYSE and by a 1.41-to-1 ratio on the Nasdaq. The S&P 500 posted 19 new 52-week highs and no new lows while the Nasdaq Composite recorded 63 new highs and 23 new lows.
