Chinese Hacker Group FishMonger Linked to iSoon APT Operation

A notorious hacker group, known as FishMonger or Aquatic Panda, is reportedly working under a contract for the Chinese government, executing espionage operations targeting a broad range of organizations globally. This hacking group, revealed in recent research, is actively involved in gathering sensitive information from governmental bodies, NGOs, think tanks, and more. Now, a detailed analysis connects FishMonger to the iSoon APT operation, a Chinese advanced persistent threat (APT) contractor, uncovering the mechanics of state-sponsored cyber espionage.

In March 2025, ESET researchers disclosed evidence pointing to FishMonger’s involvement in the “FishMedley” espionage campaign. This group, also known as Aquatic Panda, has been targeting high-profile organizations and think tanks worldwide on behalf of the Chinese government. The US Department of Justice recently added FishMonger members to the FBI’s Most Wanted list, drawing attention to their hacking activities.

FishMonger is now believed to be a contractor under iSoon, a Shanghai-based company posing as a cybersecurity provider but actually facilitating cyber espionage on behalf of the Chinese government. This revelation builds on earlier findings from leaked documents showing that iSoon hires hackers to conduct operations for agencies such as the Ministry of Public Security and the People’s Liberation Army.

Although FishMonger

What Undercode Says:

FishMonger’s operations highlight a fascinating aspect of modern cyber espionage: the distinction between highly sophisticated attacks and efficient, persistent data collection. Many cybersecurity firms focus on tracking advanced tools or novel attack methods, but this case demonstrates that long-term access and data theft can be achieved with relatively simple tools, provided the attacker is highly organized and patient.

The connection to iSoon is particularly significant. The fact that iSoon poses as a legitimate cybersecurity firm while secretly running a hacking operation underlines the sophisticated infrastructure behind these attacks. It’s a stark reminder of the blurred lines between legitimate corporate activity and state-sponsored cyber warfare.

What’s especially striking about the FishMonger group is their methodical approach to maintaining access. While they don’t use cutting-edge exploits, they show an incredible capacity for persistence. Many organizations that fall victim to such groups might not even notice the breach for months, allowing attackers to steal valuable intelligence without alerting the target. This highlights a growing trend where the duration of access is prioritized over the initial exploit’s complexity.

FishMonger’s targets provide insight into the geopolitical priorities of the Chinese government. NGOs, think tanks, and governmental bodies in Asia, Europe, and North America are regularly targeted, suggesting that these organizations hold valuable strategic information regarding China’s interests. This targeting is a clear indication of the Chinese government’s focus on influencing international discourse and gathering intelligence to support its geopolitical strategy.

It is also important to note that while FishMonger may not be the most technically advanced Chinese cyber group, their operations are certainly impactful. The use of widely available tools, while often dismissed as low-tech, serves a purpose in this context: it reduces the likelihood of detection. For organizations focused on defending against more sophisticated threats, a less flashy but sustained attack may be harder to spot, despite being equally damaging.

Fact Checker Results:

  1. The research firmly connects FishMonger to iSoon, confirming their role as contractors for the Chinese government’s cyber espionage efforts.
  2. The attack tools used by FishMonger, such as ShadowPad and Spyder loader, have been widely documented as associated with Chinese cyber threat actors.
  3. Targeting NGOs and think tanks with a focus on China-related research aligns with the Chinese government’s historical interest in controlling information and gathering intelligence on geopolitical matters.

References:

Reported By: https://www.darkreading.com/cyberattacks-data-breaches/chinese-espionage-hacker-group-isoon-apt-operation