FishMonger Espionage Group Porting SprySOCKS Backdoor to Windows

The China-aligned threat actor FishMonger has expanded its operational reach by porting its SprySOCKS backdoor, previously seen only on Linux, to Windows. The port exists as two Windows-native variants: WIN_DRV, which loads a kernel-mode driver acting as a rootkit to conceal the implant's processes, files and network activity, and WIN_PLUS, which relies on Windows-native persistence mechanisms rather than a driver. Running code in kernel mode places the malware at the same privilege level as Endpoint Detection and Response (EDR) and Antivirus (AV) sensors, which is what lets the WIN_DRV variant evade and tamper with them; note that loading such a driver presupposes administrative access on the host and a way past Windows driver signature enforcement, so the variant is a post-compromise tool rather than an initial-access vector. Both variants carry hard-coded Command and Control (C2) configurations and communicate over TCP and UDP, giving the group long-term, stealthy access to targeted enterprise Windows environments for espionage.
