Summary: The China-linked APT group Aquatic Panda has been implicated in a global espionage campaign targeting various organizations across multiple countries in 2022. This operation, codenamed "Operation FishMedley," involved sophisticated malware tools and is attributed to a collective recognized for reusing well-known hacking mechanisms. The campaign underscores ongoing cybersecurity threats posed by state-sponsored actors using advanced techniques for espionage.
Affected: Governments, NGOs, Think Tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States
Keypoints:
- Operation FishMedley lasted from January to October 2022, affecting seven different organizations.
- Aquatic Panda, also known as Bronze University and other aliases, has been active since at least 2019 and operates under the Winnti Group umbrella.
- The campaign utilized five distinct malware families, including ShadowPad and a new implant called RPipeCommander.
- Security analyses point to a trend of collaboration among different China-aligned APT groups in utilizing shared malware resources.
Source: https://thehackernews.com/2025/03/china-linked-apt-aquatic-panda-10-month.html