Operation FishMedley targeting governments, NGOs, and think tanks

ESET researchers have uncovered a global espionage operation called Operation FishMedley, conducted by the FishMonger APT group, which is operated by the Chinese contractor I-SOON. The campaign targeted governments, NGOs, and think tanks across Asia, Europe, and the United States during 2022. The attackers used implants like ShadowPad, SodaMaster, and Spyder, which are common or exclusive to China-aligned threat actors. The operation involved sophisticated tactics including lateral movement, credential theft, and custom malware deployment. Seven victims were identified across various countries and sectors. The analysis provides technical details on the malware used, initial access methods, and command and control infrastructure.

Author: AlienVault

Related Tags:
think tank
sodamaster
RPipeCommander
DelfsCake
dfls
DARKTOWN
SodaMaster – S0627
POISONPLUG.SHADOW
ShadowPad – S0596

Associated Indicators: