CyberSecurity news
@cyberpress.org
The FishMonger APT, a Chinese cyber-espionage group with ties to the cybersecurity contractor I-SOON, has been implicated in a global espionage operation known as Operation FishMedley. This campaign, active in 2022, targeted a diverse range of entities, including governments, non-governmental organizations (NGOs), and think tanks across Asia, Europe, and the United States. These findings come as the US Department of Justice unsealed an indictment against I-SOON employees for their alleged involvement in espionage campaigns spanning from 2016 to 2023.
The attacks involved sophisticated malware implants such as ShadowPad, Spyder, and SodaMaster, tools frequently associated with China-aligned threat actors. These implants facilitated data theft, surveillance, and network penetration. One case revealed attackers used the Impacket tool to escalate privileges, execute commands, and extract sensitive authentication data from a US-based NGO. ESET's independent research confirms FishMonger is an espionage team operated by I-SOON, highlighting the ongoing threat posed by China-aligned APT groups to sensitive sectors worldwide.