Mar 23, 2025
A recent investigation has uncovered a significant global espionage campaign attributed to a China-linked advanced persistent threat (APT) group known as Aquatic Panda. The group, also referred to as Bronze University, Charcoal Typhoon, Earth Lusca, and RedHotel, targeted seven organizations across six countries in 2022.
The affected entities included governments, non-governmental organizations (NGOs), think tanks, and Catholic charities in Taiwan, Hungary, Turkey, Thailand, France, and the United States. This diverse range of targets suggests that Aquatic Panda is a highly sophisticated and adaptable threat actor, capable of navigating complex networks and systems to achieve its goals.
The global espionage campaign, codenamed Operation FishMedley, is believed to have begun in January 2022 and continued until October 2022. During this time, Aquatic Panda used a range of tactics, techniques, and procedures (TTPs) to gain access to the targeted organizations. The group's malware arsenal included ShadowPad, SodaMaster, and Spyder, among others, which were used to compromise systems, steal sensitive data, and establish a persistent presence within the targeted networks.
The campaign's scope is significant, with Aquatic Panda successfully breaching the systems of organizations in multiple countries. The affected entities included:
Aquatic Panda's TTPs are characterized by their sophistication and adaptability. The group is known to use a range of tools and techniques to gain access to targeted systems, including:
The group's use of ShadowPad, SodaMaster, and Spyder malware is particularly notable, as these tools are highly sophisticated and have been associated with previous China-linked APT campaigns.
The Aquatic Panda campaign has significant implications for organizations across the globe. The group's ability to target a diverse range of entities, including governments, NGOs, and think tanks, highlights the need for increased vigilance and cooperation in the face of cyber threats.
The campaign also underscores the importance of implementing robust cybersecurity measures, including: